0s autopkgtest [15:12:28]: starting date and time: 2024-06-14 15:12:28+0000 0s autopkgtest [15:12:28]: git checkout: 433ed4c Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [15:12:28]: host juju-7f2275-prod-proposed-migration-environment-9; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.x_3aj1jf/out --timeout-copy=6000 --setup-commands 'ln -s /dev/null /etc/systemd/system/bluetooth.service; printf "http_proxy=http://squid.internal:3128\nhttps_proxy=http://squid.internal:3128\nno_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com\n" >> /etc/environment' --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.2 -- lxd -r lxd-armhf-10.145.243.39 lxd-armhf-10.145.243.39:autopkgtest/ubuntu/noble/armhf 58s autopkgtest [15:13:26]: testbed dpkg architecture: armhf 60s autopkgtest [15:13:28]: testbed apt version: 2.7.14build2 60s autopkgtest [15:13:28]: @@@@@@@@@@@@@@@@@@@@ test bed setup 68s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 68s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 68s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [12.9 kB] 68s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 68s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [22.6 kB] 68s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main armhf Packages [32.4 kB] 68s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main armhf c-n-f Metadata [2492 B] 68s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf Packages [2776 B] 68s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf c-n-f Metadata [116 B] 68s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf Packages [41.2 kB] 68s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf c-n-f Metadata [7776 B] 68s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf Packages [764 B] 69s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf c-n-f Metadata [116 B] 71s Fetched 404 kB in 1s (283 kB/s) 71s Reading package lists... 87s tee: /proc/self/fd/2: Permission denied 110s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 110s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 110s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 110s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 112s Reading package lists... 112s Reading package lists... 112s Building dependency tree... 112s Reading state information... 113s Calculating upgrade... 113s The following packages will be upgraded: 113s cloud-init login passwd 113s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 113s Need to get 1616 kB of archives. 113s After this operation, 1024 B of additional disk space will be used. 113s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main armhf login armhf 1:4.13+dfsg1-4ubuntu3.2 [200 kB] 114s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main armhf passwd armhf 1:4.13+dfsg1-4ubuntu3.2 [818 kB] 114s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf cloud-init all 24.1.3-0ubuntu3.3 [598 kB] 115s Preconfiguring packages ... 115s Fetched 1616 kB in 1s (1167 kB/s) 115s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 115s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_armhf.deb ... 115s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 115s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 115s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 115s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_armhf.deb ... 115s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 116s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 116s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 116s Preparing to unpack .../cloud-init_24.1.3-0ubuntu3.3_all.deb ... 116s Unpacking cloud-init (24.1.3-0ubuntu3.3) over (24.1.3-0ubuntu3.2) ... 117s Setting up cloud-init (24.1.3-0ubuntu3.3) ... 118s Processing triggers for man-db (2.12.0-4build2) ... 119s Processing triggers for rsyslog (8.2312.0-3ubuntu9) ... 120s Reading package lists... 121s Building dependency tree... 121s Reading state information... 121s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 124s autopkgtest [15:14:32]: rebooting testbed after setup commands that affected boot 164s autopkgtest [15:15:12]: testbed running kernel: Linux 6.5.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May 7 11:19:33 UTC 2 191s autopkgtest [15:15:39]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 320s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 320s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 320s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 322s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 322s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 322s gpgv: Can't check signature: No public key 322s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 322s autopkgtest [15:17:50]: testing package sssd version 2.9.4-1.1ubuntu6 324s autopkgtest [15:17:52]: build not needed 328s autopkgtest [15:17:56]: test ldap-user-group-ldap-auth: preparing testbed 337s Reading package lists... 338s Building dependency tree... 338s Reading state information... 338s Starting pkgProblemResolver with broken count: 0 338s Starting 2 pkgProblemResolver with broken count: 0 338s Done 339s The following additional packages will be installed: 339s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 339s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 339s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 339s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 339s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 339s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 339s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 339s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 339s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 339s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 339s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 339s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 339s tcl8.6 339s Suggested packages: 339s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 339s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 339s Recommended packages: 339s cracklib-runtime libsasl2-modules-gssapi-mit 339s | libsasl2-modules-gssapi-heimdal 339s The following NEW packages will be installed: 339s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 339s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 339s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 339s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 339s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 339s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 339s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 339s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 339s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 339s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 339s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 339s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 339s tcl-expect tcl8.6 339s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 339s Need to get 11.9 MB/11.9 MB of archives. 339s After this operation, 35.9 MB of additional disk space will be used. 339s Get:1 /tmp/autopkgtest.f2NMSQ/1-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [868 B] 340s Get:2 http://ftpmaster.internal/ubuntu noble/main armhf libltdl7 armhf 2.4.7-7build1 [37.6 kB] 340s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf libodbc2 armhf 2.3.12-1ubuntu0.24.04.1 [144 kB] 340s Get:4 http://ftpmaster.internal/ubuntu noble/main armhf slapd armhf 2.6.7+dfsg-1~exp1ubuntu8 [1434 kB] 340s Get:5 http://ftpmaster.internal/ubuntu noble/main armhf libtcl8.6 armhf 8.6.14+dfsg-1build1 [903 kB] 340s Get:6 http://ftpmaster.internal/ubuntu noble/main armhf tcl8.6 armhf 8.6.14+dfsg-1build1 [14.6 kB] 340s Get:7 http://ftpmaster.internal/ubuntu noble/universe armhf tcl-expect armhf 5.45.4-3 [99.5 kB] 340s Get:8 http://ftpmaster.internal/ubuntu noble/universe armhf expect armhf 5.45.4-3 [136 kB] 340s Get:9 http://ftpmaster.internal/ubuntu noble/main armhf ldap-utils armhf 2.6.7+dfsg-1~exp1ubuntu8 [132 kB] 340s Get:10 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 340s Get:11 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 340s Get:12 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 340s Get:13 http://ftpmaster.internal/ubuntu noble/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 340s Get:14 http://ftpmaster.internal/ubuntu noble/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 340s Get:15 http://ftpmaster.internal/ubuntu noble/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 340s Get:16 http://ftpmaster.internal/ubuntu noble/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 340s Get:17 http://ftpmaster.internal/ubuntu noble/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 340s Get:18 http://ftpmaster.internal/ubuntu noble/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-9ubuntu2 [127 kB] 340s Get:19 http://ftpmaster.internal/ubuntu noble/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 340s Get:20 http://ftpmaster.internal/ubuntu noble/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 340s Get:21 http://ftpmaster.internal/ubuntu noble/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 340s Get:22 http://ftpmaster.internal/ubuntu noble/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6 [16.9 kB] 340s Get:23 http://ftpmaster.internal/ubuntu noble/universe armhf libjose0 armhf 13-1 [39.4 kB] 340s Get:24 http://ftpmaster.internal/ubuntu noble/main armhf libverto-libevent1t64 armhf 0.3.1-1.2ubuntu3 [6324 B] 340s Get:25 http://ftpmaster.internal/ubuntu noble/main armhf libverto1t64 armhf 0.3.1-1.2ubuntu3 [9364 B] 340s Get:26 http://ftpmaster.internal/ubuntu noble/main armhf libkrad0 armhf 1.20.1-6ubuntu2 [20.1 kB] 340s Get:27 http://ftpmaster.internal/ubuntu noble/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 340s Get:28 http://ftpmaster.internal/ubuntu noble/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 340s Get:29 http://ftpmaster.internal/ubuntu noble/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 340s Get:30 http://ftpmaster.internal/ubuntu noble/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 340s Get:31 http://ftpmaster.internal/ubuntu noble/main armhf libnfsidmap1 armhf 1:2.6.4-3ubuntu5 [54.6 kB] 340s Get:32 http://ftpmaster.internal/ubuntu noble/universe armhf libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 340s Get:33 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 340s Get:34 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 340s Get:35 http://ftpmaster.internal/ubuntu noble/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 340s Get:36 http://ftpmaster.internal/ubuntu noble/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 340s Get:37 http://ftpmaster.internal/ubuntu noble/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 341s Get:38 http://ftpmaster.internal/ubuntu noble/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 341s Get:39 http://ftpmaster.internal/ubuntu noble/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6 [29.2 kB] 341s Get:40 http://ftpmaster.internal/ubuntu noble/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6 [45.2 kB] 341s Get:41 http://ftpmaster.internal/ubuntu noble/main armhf python3-sss armhf 2.9.4-1.1ubuntu6 [45.9 kB] 341s Get:42 http://ftpmaster.internal/ubuntu noble/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6 [42.6 kB] 341s Get:43 http://ftpmaster.internal/ubuntu noble/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6 [20.1 kB] 341s Get:44 http://ftpmaster.internal/ubuntu noble/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6 [27.6 kB] 341s Get:45 http://ftpmaster.internal/ubuntu noble/main armhf sssd-common armhf 2.9.4-1.1ubuntu6 [1068 kB] 341s Get:46 http://ftpmaster.internal/ubuntu noble/universe armhf sssd-idp armhf 2.9.4-1.1ubuntu6 [24.8 kB] 341s Get:47 http://ftpmaster.internal/ubuntu noble/universe armhf sssd-passkey armhf 2.9.4-1.1ubuntu6 [29.2 kB] 341s Get:48 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6 [69.2 kB] 341s Get:49 http://ftpmaster.internal/ubuntu noble/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6 [81.2 kB] 341s Get:50 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6 [129 kB] 341s Get:51 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6 [212 kB] 341s Get:52 http://ftpmaster.internal/ubuntu noble/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6 [14.1 kB] 341s Get:53 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6 [31.1 kB] 341s Get:54 http://ftpmaster.internal/ubuntu noble/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6 [43.5 kB] 341s Get:55 http://ftpmaster.internal/ubuntu noble/main armhf sssd armhf 2.9.4-1.1ubuntu6 [4118 B] 341s Get:56 http://ftpmaster.internal/ubuntu noble/main armhf sssd-dbus armhf 2.9.4-1.1ubuntu6 [94.2 kB] 341s Get:57 http://ftpmaster.internal/ubuntu noble/universe armhf sssd-kcm armhf 2.9.4-1.1ubuntu6 [129 kB] 341s Get:58 http://ftpmaster.internal/ubuntu noble/main armhf sssd-tools armhf 2.9.4-1.1ubuntu6 [94.8 kB] 341s Get:59 http://ftpmaster.internal/ubuntu noble/main armhf libipa-hbac-dev armhf 2.9.4-1.1ubuntu6 [6672 B] 341s Get:60 http://ftpmaster.internal/ubuntu noble/main armhf libsss-certmap-dev armhf 2.9.4-1.1ubuntu6 [5736 B] 341s Get:61 http://ftpmaster.internal/ubuntu noble/main armhf libsss-idmap-dev armhf 2.9.4-1.1ubuntu6 [8386 B] 341s Get:62 http://ftpmaster.internal/ubuntu noble/main armhf libsss-nss-idmap-dev armhf 2.9.4-1.1ubuntu6 [6718 B] 341s Get:63 http://ftpmaster.internal/ubuntu noble/universe armhf libsss-sudo armhf 2.9.4-1.1ubuntu6 [19.5 kB] 341s Get:64 http://ftpmaster.internal/ubuntu noble/universe armhf python3-libipa-hbac armhf 2.9.4-1.1ubuntu6 [14.6 kB] 341s Get:65 http://ftpmaster.internal/ubuntu noble/universe armhf python3-libsss-nss-idmap armhf 2.9.4-1.1ubuntu6 [8406 B] 341s Preconfiguring packages ... 342s Fetched 11.9 MB in 2s (6796 kB/s) 342s Selecting previously unselected package libltdl7:armhf. 342s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 342s Preparing to unpack .../00-libltdl7_2.4.7-7build1_armhf.deb ... 342s Unpacking libltdl7:armhf (2.4.7-7build1) ... 342s Selecting previously unselected package libodbc2:armhf. 342s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_armhf.deb ... 342s Unpacking libodbc2:armhf (2.3.12-1ubuntu0.24.04.1) ... 342s Selecting previously unselected package slapd. 342s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_armhf.deb ... 342s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 342s Selecting previously unselected package libtcl8.6:armhf. 342s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 342s Unpacking libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 342s Selecting previously unselected package tcl8.6. 342s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 342s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 343s Selecting previously unselected package tcl-expect:armhf. 343s Preparing to unpack .../05-tcl-expect_5.45.4-3_armhf.deb ... 343s Unpacking tcl-expect:armhf (5.45.4-3) ... 343s Selecting previously unselected package expect. 343s Preparing to unpack .../06-expect_5.45.4-3_armhf.deb ... 343s Unpacking expect (5.45.4-3) ... 343s Selecting previously unselected package ldap-utils. 343s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_armhf.deb ... 343s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 343s Selecting previously unselected package libavahi-common-data:armhf. 344s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 344s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 344s Selecting previously unselected package libavahi-common3:armhf. 344s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 344s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 344s Selecting previously unselected package libavahi-client3:armhf. 344s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 344s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 344s Selecting previously unselected package libbasicobjects0t64:armhf. 344s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libcares2:armhf. 344s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 344s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 344s Selecting previously unselected package libcollection4t64:armhf. 344s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libcrack2:armhf. 344s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_armhf.deb ... 344s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 344s Selecting previously unselected package libdhash1t64:armhf. 344s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libevent-2.1-7t64:armhf. 344s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_armhf.deb ... 344s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 344s Selecting previously unselected package libpath-utils1t64:armhf. 344s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libref-array1t64:armhf. 344s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libini-config5t64:armhf. 344s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 344s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 344s Selecting previously unselected package libipa-hbac0t64. 344s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_armhf.deb ... 344s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 344s Selecting previously unselected package libjose0:armhf. 344s Preparing to unpack .../21-libjose0_13-1_armhf.deb ... 344s Unpacking libjose0:armhf (13-1) ... 344s Selecting previously unselected package libverto-libevent1t64:armhf. 344s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_armhf.deb ... 344s Unpacking libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 344s Selecting previously unselected package libverto1t64:armhf. 344s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_armhf.deb ... 344s Unpacking libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 344s Selecting previously unselected package libkrad0:armhf. 344s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_armhf.deb ... 344s Unpacking libkrad0:armhf (1.20.1-6ubuntu2) ... 344s Selecting previously unselected package libtalloc2:armhf. 344s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_armhf.deb ... 344s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 344s Selecting previously unselected package libtdb1:armhf. 344s Preparing to unpack .../26-libtdb1_1.4.10-1build1_armhf.deb ... 344s Unpacking libtdb1:armhf (1.4.10-1build1) ... 344s Selecting previously unselected package libtevent0t64:armhf. 344s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_armhf.deb ... 344s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 344s Selecting previously unselected package libldb2:armhf. 344s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 344s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 345s Selecting previously unselected package libnfsidmap1:armhf. 345s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_armhf.deb ... 345s Unpacking libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 345s Selecting previously unselected package libnss-sudo. 345s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 345s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 345s Selecting previously unselected package libpwquality-common. 345s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 345s Unpacking libpwquality-common (1.4.5-3build1) ... 345s Selecting previously unselected package libpwquality1:armhf. 345s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_armhf.deb ... 345s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 345s Selecting previously unselected package libpam-pwquality:armhf. 345s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_armhf.deb ... 345s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 345s Selecting previously unselected package libwbclient0:armhf. 345s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 345s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 345s Selecting previously unselected package samba-libs:armhf. 345s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 345s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 345s Selecting previously unselected package libsmbclient0:armhf. 345s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 345s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 345s Selecting previously unselected package libnss-sss:armhf. 345s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package libpam-sss:armhf. 345s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package python3-sss. 345s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package libsss-certmap0. 345s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package libsss-idmap0. 345s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package libsss-nss-idmap0. 345s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package sssd-common. 345s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 345s Selecting previously unselected package sssd-idp. 345s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_armhf.deb ... 345s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-passkey. 346s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-ad-common. 346s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-krb5-common. 346s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-ad. 346s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-ipa. 346s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-krb5. 346s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-ldap. 346s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-proxy. 346s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd. 346s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-dbus. 346s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-kcm. 346s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package sssd-tools. 346s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package libipa-hbac-dev. 346s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package libsss-certmap-dev. 346s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package libsss-idmap-dev. 346s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 346s Selecting previously unselected package libsss-nss-idmap-dev. 346s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 346s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libsss-sudo. 347s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_armhf.deb ... 347s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package python3-libipa-hbac. 347s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_armhf.deb ... 347s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package python3-libsss-nss-idmap. 347s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_armhf.deb ... 347s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package autopkgtest-satdep. 347s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 347s Unpacking autopkgtest-satdep (0) ... 347s Setting up libpwquality-common (1.4.5-3build1) ... 347s Setting up libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 347s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 347s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 347s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 347s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 347s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 347s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 347s Setting up libtdb1:armhf (1.4.10-1build1) ... 347s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 347s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 347s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 347s Setting up libjose0:armhf (13-1) ... 347s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 347s Setting up libtalloc2:armhf (2.4.2-1build2) ... 347s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 347s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 347s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 347s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 347s Setting up libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 347s Setting up libltdl7:armhf (2.4.7-7build1) ... 347s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 347s Setting up libodbc2:armhf (2.3.12-1ubuntu0.24.04.1) ... 347s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 347s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 347s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 347s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 347s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 347s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 347s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 348s Creating new user openldap... done. 348s Creating initial configuration... done. 348s Creating LDAP directory... done. 348s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 348s 349s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 350s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 350s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 350s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 350s Setting up tcl-expect:armhf (5.45.4-3) ... 350s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 350s Setting up libpwquality1:armhf (1.4.5-3build1) ... 350s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 350s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 350s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 350s Setting up expect (5.45.4-3) ... 350s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 350s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 350s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 350s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 350s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 350s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 351s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 351s Creating SSSD system user & group... 351s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 351s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 351s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 351s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 351s 352s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 353s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 353s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 353s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 353s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 354s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 354s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 356s sssd-autofs.service is a disabled or a static unit, not starting it. 356s sssd-nss.service is a disabled or a static unit, not starting it. 356s sssd-pam.service is a disabled or a static unit, not starting it. 356s sssd-ssh.service is a disabled or a static unit, not starting it. 356s sssd-sudo.service is a disabled or a static unit, not starting it. 356s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 356s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 356s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 356s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 357s sssd-kcm.service is a disabled or a static unit, not starting it. 357s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 357s sssd-ifp.service is a disabled or a static unit, not starting it. 358s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 358s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 358s sssd-pac.service is a disabled or a static unit, not starting it. 358s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 358s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 358s Setting up sssd (2.9.4-1.1ubuntu6) ... 358s Setting up libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 358s Setting up libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 358s Setting up libkrad0:armhf (1.20.1-6ubuntu2) ... 358s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 358s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 358s Setting up autopkgtest-satdep (0) ... 358s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 359s Processing triggers for ufw (0.36.2-6) ... 359s Processing triggers for man-db (2.12.0-4build2) ... 360s Processing triggers for dbus (1.14.10-4ubuntu4) ... 432s (Reading database ... 59195 files and directories currently installed.) 432s Removing autopkgtest-satdep (0) ... 438s autopkgtest [15:19:46]: test ldap-user-group-ldap-auth: [----------------------- 442s + . debian/tests/util 442s + . debian/tests/common-tests 442s + mydomain=example.com 442s + myhostname=ldap.example.com 442s + mysuffix=dc=example,dc=com 442s + admin_dn=cn=admin,dc=example,dc=com 442s + admin_pw=secret 442s + ldap_user=testuser1 442s + ldap_user_pw=testuser1secret 442s + ldap_group=ldapusers 442s + adjust_hostname ldap.example.com 442s + local myhostname=ldap.example.com 442s + echo ldap.example.com 442s + hostname ldap.example.com 442s + grep -qE ldap.example.com /etc/hosts 442s + echo 127.0.1.10 ldap.example.com 442s + reconfigure_slapd 442s + debconf-set-selections 442s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 442s + dpkg-reconfigure -fnoninteractive -pcritical slapd 443s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 443s Moving old database directory to /var/backups: 443s - directory unknown... done. 443s Creating initial configuration... done. 443s Creating LDAP directory... done. 443s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 443s 444s + generate_certs ldap.example.com 444s + local cn=ldap.example.com 444s + local cert=/etc/ldap/server.pem 444s + local key=/etc/ldap/server.key 444s + local cnf=/etc/ldap/openssl.cnf 444s + cat 444s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 445s ...............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 445s ................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 445s ----- 445s + chmod 0640 /etc/ldap/server.key 445s + chgrp openldap /etc/ldap/server.key 445s + [ ! -f /etc/ldap/server.pem ] 445s + [ ! -f /etc/ldap/server.key ] 445s + enable_ldap_ssl 445s + cat 445s + + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 445s cat 445s + populate_ldap_rfc2307 445s + cat 445s modifying entry "cn=config" 445s 445s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 445s adding new entry "ou=People,dc=example,dc=com" 445s 445s adding new entry "ou=Group,dc=example,dc=com" 445s 445s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 445s 445s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 445s 445s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 445s 445s + configure_sssd_ldap_rfc2307 445s + cat 445s + chmod 0600 /etc/sssd/sssd.conf 445s + systemctl restart sssd 446s + enable_pam_mkhomedir 446s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 446s + echo session optional pam_mkhomedir.so 446s + run_common_tests 446s + echo Assert local user databases do not have our LDAP test data 446s + check_local_user testuser1 446s + local local_user=testuser1 446s + grep -q ^testuser1 /etc/passwd 446s + check_local_group testuser1 446s + local local_group=testuser1 446s + grep -q ^testuser1 /etc/group 446s + check_local_group ldapusers 446s + local local_group=ldapusers 446s + grep -q ^ldapusers /etc/group 446s + echo The LDAP user is known to the system via getent 446s + check_getent_user testuser1 446s + local getent_user=testuser1 446s + local output 446s + getent passwdAssert local user databases do not have our LDAP test data 446s The LDAP user is known to the system via getent 446s The LDAP user's private group is known to the system via getent 446s testuser1 446s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 446s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 446s + echo The LDAP user's private group is known to the system via getent 446s + check_getent_group testuser1 446s + local getent_group=testuser1 446s + local output 446s + getent group testuser1 446s The LDAP group ldapusers is known to the system via getent 446s + output=testuser1:*:10001:testuser1 446s + [ -z testuser1:*:10001:testuser1 ] 446s + echo The LDAP group ldapusers is known to the system via getent 446s + check_getent_group ldapusers 446s + local getent_group=ldapusers 446s + local output 446s + getent group ldapusers 446s + output=ldapusers:*:10100:testuser1 446s + [ -z ldapusers:*:10100:testuser1 ] 446s + echo The id(1) command can resolve the group membership of the LDAP user 446s The id(1) command can resolve the group membership of the LDAP user 446s + id -Gn testuser1 446s + output=testuser1 ldapusers 446s + [ testuser1 ldapusers != testuser1 ldapusers ] 446s + echo The LDAP user can login on a terminal 446s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 446s The LDAP user can login on a terminal 446s spawn login 446s ldap.example.com login: testuser1 446s Password: 446s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.5.0-35-generic armv7l) 446s 446s * Documentation: https://help.ubuntu.com 446s * Management: https://landscape.canonical.com 446s * Support: https://ubuntu.com/pro 446s 446s 446s The programs included with the Ubuntu system are free software; 446s the exact distribution terms for each program are described in the 446s individual files in /usr/share/doc/*/copyright. 446s 446s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 446s applicable law. 446s 446s 446s The programs included with the Ubuntu system are free software; 446s the exact distribution terms for each program are described in the 446s individual files in /usr/share/doc/*/copyright. 446s 446s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 446s applicable law. 446s 446s Creating directory '/home/testuser1'. 446s testuser1@ldap:~$ id -un 446s testuser1 447s testuser1@ldap:~$ autopkgtest [15:19:55]: test ldap-user-group-ldap-auth: -----------------------] 451s autopkgtest [15:19:59]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 451s ldap-user-group-ldap-auth PASS 454s autopkgtest [15:20:02]: test ldap-user-group-krb5-auth: preparing testbed 464s Reading package lists... 464s Building dependency tree... 464s Reading state information... 465s Starting pkgProblemResolver with broken count: 0 465s Starting 2 pkgProblemResolver with broken count: 0 465s Done 466s The following additional packages will be installed: 466s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 466s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 466s Suggested packages: 466s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 466s The following NEW packages will be installed: 466s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 466s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 466s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 466s Need to get 561 kB/561 kB of archives. 466s After this operation, 1649 kB of additional disk space will be used. 466s Get:1 /tmp/autopkgtest.f2NMSQ/2-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [888 B] 466s Get:2 http://ftpmaster.internal/ubuntu noble/main armhf krb5-config all 2.7 [22.0 kB] 466s Get:3 http://ftpmaster.internal/ubuntu noble/main armhf libgssrpc4t64 armhf 1.20.1-6ubuntu2 [51.5 kB] 466s Get:4 http://ftpmaster.internal/ubuntu noble/main armhf libkadm5clnt-mit12 armhf 1.20.1-6ubuntu2 [35.3 kB] 466s Get:5 http://ftpmaster.internal/ubuntu noble/main armhf libkdb5-10t64 armhf 1.20.1-6ubuntu2 [35.0 kB] 466s Get:6 http://ftpmaster.internal/ubuntu noble/main armhf libkadm5srv-mit12 armhf 1.20.1-6ubuntu2 [45.7 kB] 466s Get:7 http://ftpmaster.internal/ubuntu noble/universe armhf krb5-user armhf 1.20.1-6ubuntu2 [110 kB] 467s Get:8 http://ftpmaster.internal/ubuntu noble/universe armhf krb5-kdc armhf 1.20.1-6ubuntu2 [170 kB] 467s Get:9 http://ftpmaster.internal/ubuntu noble/universe armhf krb5-admin-server armhf 1.20.1-6ubuntu2 [91.1 kB] 468s Preconfiguring packages ... 470s Fetched 561 kB in 1s (793 kB/s) 470s Selecting previously unselected package krb5-config. 470s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 59195 files and directories currently installed.) 470s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 470s Unpacking krb5-config (2.7) ... 470s Selecting previously unselected package libgssrpc4t64:armhf. 470s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking libgssrpc4t64:armhf (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package libkadm5clnt-mit12:armhf. 470s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package libkdb5-10t64:armhf. 470s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking libkdb5-10t64:armhf (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package libkadm5srv-mit12:armhf. 470s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking libkadm5srv-mit12:armhf (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package krb5-user. 470s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking krb5-user (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package krb5-kdc. 470s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package krb5-admin-server. 470s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_armhf.deb ... 470s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 470s Selecting previously unselected package autopkgtest-satdep. 470s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 470s Unpacking autopkgtest-satdep (0) ... 470s Setting up libgssrpc4t64:armhf (1.20.1-6ubuntu2) ... 470s Setting up krb5-config (2.7) ... 471s Setting up libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2) ... 471s Setting up libkdb5-10t64:armhf (1.20.1-6ubuntu2) ... 471s Setting up libkadm5srv-mit12:armhf (1.20.1-6ubuntu2) ... 471s Setting up krb5-user (1.20.1-6ubuntu2) ... 471s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 471s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 471s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 471s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 471s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 471s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 471s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 471s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 471s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 472s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 472s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 473s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 473s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 474s Setting up autopkgtest-satdep (0) ... 474s Processing triggers for man-db (2.12.0-4build2) ... 475s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 549s (Reading database ... 59290 files and directories currently installed.) 549s Removing autopkgtest-satdep (0) ... 556s autopkgtest [15:21:44]: test ldap-user-group-krb5-auth: [----------------------- 561s + . debian/tests/util 561s + . debian/tests/common-tests 561s + mydomain=example.com 561s + myhostname=ldap.example.com 561s + mysuffix=dc=example,dc=com 561s + myrealm=EXAMPLE.COM 561s + admin_dn=cn=admin,dc=example,dc=com 561s + admin_pw=secret 561s + ldap_user=testuser1 561s + ldap_user_pw=testuser1secret 561s + kerberos_principal_pw=testuser1kerberos 561s + ldap_group=ldapusers 561s + adjust_hostname ldap.example.com 561s + local myhostname=ldap.example.com 561s + echo ldap.example.com 561s + hostname ldap.example.com 561s + grep -qE ldap.example.com /etc/hosts 561s + reconfigure_slapd 561s + debconf-set-selections 562s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240614-151951.ldapdb 562s + dpkg-reconfigure -fnoninteractive -pcritical slapd 565s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 565s Moving old database directory to /var/backups: 565s - directory unknown... done. 565s Creating initial configuration... done. 565s Creating LDAP directory... done. 566s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 566s 567s + generate_certs ldap.example.com 567s + local cn=ldap.example.com 567s + local cert=/etc/ldap/server.pem 567s + local key=/etc/ldap/server.key 567s + local cnf=/etc/ldap/openssl.cnf 567s + cat 567s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 567s ..........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 567s ..........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 567s ----- 567s + chmod 0640 /etc/ldap/server.key 567s + chgrp openldap /etc/ldap/server.key 567s + [ ! -f /etc/ldap/server.pem ] 567s + [ ! -f /etc/ldap/server.key ] 567s + enable_ldap_ssl 567s + cat 567s + cat 567s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 567s + populate_ldap_rfc2307 567s modifying entry "cn=config" 567s 567s + cat 567s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 567s adding new entry "ou=People,dc=example,dc=com" 567s 567s adding new entry "ou=Group,dc=example,dc=com" 567s 567s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 567s 567s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 567s 567s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 567s 567s + create_realm EXAMPLE.COM ldap.example.com 567s + local realm_name=EXAMPLE.COM 567s + local kerberos_server=ldap.example.com 567s + rm -rf /var/lib/krb5kdc/* 567s + rm -rf /etc/krb5kdc/kdc.conf 567s + rm -f /etc/krb5.keytab 567s + cat 567s + cat 567s + echo # */admin * 567s + kdb5_util create -s -P secretpassword 568s + systemctl restart krb5-kdc.service krb5-admin-server.service 568s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 568s master key name 'K/M@EXAMPLE.COM' 569s + create_krb_principal testuser1 testuser1kerberos 569s + local principal=testuser1 569s + local password=testuser1kerberos 569s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 569s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 569s Authenticating as principal root/admin@EXAMPLE.COM with password. 569s Principal "testuser1@EXAMPLE.COM" created. 569s + configure_sssd_ldap_rfc2307_krb5_auth 569s + cat 569s + chmod 0600 /etc/sssd/sssd.conf 569s + systemctl restart sssd 569s + enable_pam_mkhomedir 569s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 569s + run_common_tests 569s + echo Assert local user databases do not have our LDAP test data 569s + check_local_user testuser1 569s + local local_user=testuser1 569s + grep -q ^testuser1 /etc/passwd 569s Assert local user databases do not have our LDAP test data 569s + check_local_group testuser1 569s + local local_group=testuser1 569s + grep -q ^testuser1 /etc/group 569s + check_local_group ldapusers 569s + local local_group=ldapusers 569s + grep -q ^ldapusers /etc/group 569s The LDAP user is known to the system via getent 569s + echo The LDAP user is known to the system via getent 569s + check_getent_user testuser1 569s + local getent_user=testuser1 569s + local output 569s + The LDAP user's private group is known to the system via getent 569s The LDAP group ldapusers is known to the system via getent 569s getent passwd testuser1 569s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 569s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 569s + echo The LDAP user's private group is known to the system via getent 569s + check_getent_group testuser1 569s + local getent_group=testuser1 569s + local output 569s + getent group testuser1 569s + output=testuser1:*:10001:testuser1 569s + [ -z testuser1:*:10001:testuser1 ] 569s + echo The LDAP group ldapusers is known to the system via getent 569s + check_getent_group ldapusers 569s + local getent_group=ldapusers 569s + local output 569s + getent group ldapusers 569s + output=ldapusers:*:10100:testuser1 569s + [ -z ldapusers:*:10100:testuser1 ] 569s + echo The id(1) command can resolve the group membership of the LDAP user 569s The id(1) command can resolve the group membership of the LDAP user 569s + id -Gn testuser1 570s + output=testuser1 ldapusers 570s + [ testuser1 ldapusers != testuser1 ldapusers ] 570s + echo The Kerberos principal can login on a terminal 570s + kdestroy 570s The Kerberos principal can login on a terminal 570s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 570s spawn login 570s ldap.example.com login: testuser1 570s Password: 570s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.5.0-35-generic armv7l) 570s 570s * Documentation: https://help.ubuntu.com 570s * Management: https://landscape.canonical.com 570s * Support: https://ubuntu.com/pro 570s 570s 570s The programs included with the Ubuntu system are free software; 570s the exact distribution terms for each program are described in the 570s individual files in /usr/share/doc/*/copyright. 570s 570s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 570s applicable law. 570s 571s testuser1@ldap:~$ id -un 571s testuser1 571s testuser1@ldap:~$ klist 571s Ticket cache: FILE:/tmp/krb5cc_10001_bO3dJY 571s Default principal: testuser1@EXAMPLE.COM 571s 571s Valid starting Expires Service principal 571s 06/14/24 15:21:58 06/15/24 01:21:58 krbtgt/EXAMPLE.COM@EXAMPLE.COM 571s renew until 06/15/24 15:21:58 571s autopkgtest [15:21:59]: test ldap-user-group-krb5-auth: -----------------------] 575s autopkgtest [15:22:03]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 575s ldap-user-group-krb5-auth PASS 579s autopkgtest [15:22:07]: test sssd-softhism2-certificates-tests.sh: preparing testbed 619s autopkgtest [15:22:47]: testbed dpkg architecture: armhf 621s autopkgtest [15:22:49]: testbed apt version: 2.7.14build2 621s autopkgtest [15:22:49]: @@@@@@@@@@@@@@@@@@@@ test bed setup 633s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 634s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 635s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 635s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [12.9 kB] 635s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [22.6 kB] 635s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main armhf Packages [32.4 kB] 635s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main armhf c-n-f Metadata [2492 B] 635s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf Packages [2776 B] 635s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf c-n-f Metadata [116 B] 635s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf Packages [41.2 kB] 635s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf c-n-f Metadata [7776 B] 635s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf Packages [764 B] 635s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf c-n-f Metadata [116 B] 638s Fetched 404 kB in 2s (180 kB/s) 639s Reading package lists... 657s tee: /proc/self/fd/2: Permission denied 683s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 683s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 683s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 683s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 686s Reading package lists... 686s Reading package lists... 687s Building dependency tree... 687s Reading state information... 687s Calculating upgrade... 688s The following packages will be upgraded: 688s cloud-init login passwd 688s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 688s Need to get 1616 kB of archives. 688s After this operation, 1024 B of additional disk space will be used. 688s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main armhf login armhf 1:4.13+dfsg1-4ubuntu3.2 [200 kB] 688s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main armhf passwd armhf 1:4.13+dfsg1-4ubuntu3.2 [818 kB] 688s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf cloud-init all 24.1.3-0ubuntu3.3 [598 kB] 689s Preconfiguring packages ... 689s Fetched 1616 kB in 1s (2531 kB/s) 690s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 690s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_armhf.deb ... 690s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 690s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 690s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 690s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_armhf.deb ... 690s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 690s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 690s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 690s Preparing to unpack .../cloud-init_24.1.3-0ubuntu3.3_all.deb ... 691s Unpacking cloud-init (24.1.3-0ubuntu3.3) over (24.1.3-0ubuntu3.2) ... 691s Setting up cloud-init (24.1.3-0ubuntu3.3) ... 692s Processing triggers for man-db (2.12.0-4build2) ... 694s Processing triggers for rsyslog (8.2312.0-3ubuntu9) ... 694s Reading package lists... 695s Building dependency tree... 695s Reading state information... 696s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 697s autopkgtest [15:24:05]: rebooting testbed after setup commands that affected boot 780s Reading package lists... 781s Building dependency tree... 781s Reading state information... 782s Starting pkgProblemResolver with broken count: 0 782s Starting 2 pkgProblemResolver with broken count: 0 782s Done 782s The following additional packages will be installed: 782s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 782s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 782s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 782s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 782s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 782s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 782s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 782s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 782s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 782s Suggested packages: 782s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 782s Recommended packages: 782s cracklib-runtime libsasl2-modules-gssapi-mit 782s | libsasl2-modules-gssapi-heimdal ldap-utils 783s The following NEW packages will be installed: 783s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 783s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 783s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 783s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 783s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 783s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 783s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 783s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 783s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 783s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 783s Need to get 9537 kB/9538 kB of archives. 783s After this operation, 28.2 MB of additional disk space will be used. 783s Get:1 /tmp/autopkgtest.f2NMSQ/3-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [744 B] 784s Get:2 http://ftpmaster.internal/ubuntu noble/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-9ubuntu2 [127 kB] 784s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf libunbound8 armhf 1.19.2-1ubuntu3.1 [409 kB] 784s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main armhf libgnutls-dane0t64 armhf 3.8.3-1.1ubuntu3.1 [33.3 kB] 784s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe armhf gnutls-bin armhf 3.8.3-1.1ubuntu3.1 [276 kB] 784s Get:6 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 784s Get:7 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 784s Get:8 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 784s Get:9 http://ftpmaster.internal/ubuntu noble/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 784s Get:10 http://ftpmaster.internal/ubuntu noble/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 784s Get:11 http://ftpmaster.internal/ubuntu noble/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 784s Get:12 http://ftpmaster.internal/ubuntu noble/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 784s Get:13 http://ftpmaster.internal/ubuntu noble/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 784s Get:14 http://ftpmaster.internal/ubuntu noble/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 784s Get:15 http://ftpmaster.internal/ubuntu noble/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 784s Get:16 http://ftpmaster.internal/ubuntu noble/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 784s Get:17 http://ftpmaster.internal/ubuntu noble/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6 [16.9 kB] 784s Get:18 http://ftpmaster.internal/ubuntu noble/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 784s Get:19 http://ftpmaster.internal/ubuntu noble/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 784s Get:20 http://ftpmaster.internal/ubuntu noble/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 784s Get:21 http://ftpmaster.internal/ubuntu noble/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 784s Get:22 http://ftpmaster.internal/ubuntu noble/main armhf libnfsidmap1 armhf 1:2.6.4-3ubuntu5 [54.6 kB] 784s Get:23 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 784s Get:24 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 784s Get:25 http://ftpmaster.internal/ubuntu noble/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 784s Get:26 http://ftpmaster.internal/ubuntu noble/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 784s Get:27 http://ftpmaster.internal/ubuntu noble/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 785s Get:28 http://ftpmaster.internal/ubuntu noble/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 785s Get:29 http://ftpmaster.internal/ubuntu noble/universe armhf softhsm2-common armhf 2.6.1-2.2ubuntu3 [6194 B] 785s Get:30 http://ftpmaster.internal/ubuntu noble/universe armhf libsofthsm2 armhf 2.6.1-2.2ubuntu3 [230 kB] 785s Get:31 http://ftpmaster.internal/ubuntu noble/universe armhf softhsm2 armhf 2.6.1-2.2ubuntu3 [155 kB] 785s Get:32 http://ftpmaster.internal/ubuntu noble/main armhf python3-sss armhf 2.9.4-1.1ubuntu6 [45.9 kB] 785s Get:33 http://ftpmaster.internal/ubuntu noble/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6 [20.1 kB] 785s Get:34 http://ftpmaster.internal/ubuntu noble/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6 [29.2 kB] 785s Get:35 http://ftpmaster.internal/ubuntu noble/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6 [45.2 kB] 785s Get:36 http://ftpmaster.internal/ubuntu noble/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6 [42.6 kB] 785s Get:37 http://ftpmaster.internal/ubuntu noble/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6 [27.6 kB] 785s Get:38 http://ftpmaster.internal/ubuntu noble/main armhf sssd-common armhf 2.9.4-1.1ubuntu6 [1068 kB] 785s Get:39 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6 [69.2 kB] 785s Get:40 http://ftpmaster.internal/ubuntu noble/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6 [81.2 kB] 785s Get:41 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6 [129 kB] 785s Get:42 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6 [212 kB] 785s Get:43 http://ftpmaster.internal/ubuntu noble/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6 [14.1 kB] 785s Get:44 http://ftpmaster.internal/ubuntu noble/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6 [31.1 kB] 785s Get:45 http://ftpmaster.internal/ubuntu noble/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6 [43.5 kB] 785s Get:46 http://ftpmaster.internal/ubuntu noble/main armhf sssd armhf 2.9.4-1.1ubuntu6 [4118 B] 787s Fetched 9537 kB in 2s (5607 kB/s) 787s Selecting previously unselected package libevent-2.1-7t64:armhf. 787s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57905 files and directories currently installed.) 787s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_armhf.deb ... 787s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 787s Selecting previously unselected package libunbound8:armhf. 787s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.1_armhf.deb ... 787s Unpacking libunbound8:armhf (1.19.2-1ubuntu3.1) ... 787s Selecting previously unselected package libgnutls-dane0t64:armhf. 787s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.1_armhf.deb ... 787s Unpacking libgnutls-dane0t64:armhf (3.8.3-1.1ubuntu3.1) ... 787s Selecting previously unselected package gnutls-bin. 787s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.1_armhf.deb ... 787s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.1) ... 787s Selecting previously unselected package libavahi-common-data:armhf. 787s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 787s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 788s Selecting previously unselected package libavahi-common3:armhf. 788s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 788s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 788s Selecting previously unselected package libavahi-client3:armhf. 788s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 788s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 788s Selecting previously unselected package libbasicobjects0t64:armhf. 788s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libcares2:armhf. 788s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 788s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 788s Selecting previously unselected package libcollection4t64:armhf. 788s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libcrack2:armhf. 788s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_armhf.deb ... 788s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 788s Selecting previously unselected package libdhash1t64:armhf. 788s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libpath-utils1t64:armhf. 788s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libref-array1t64:armhf. 788s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libini-config5t64:armhf. 788s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 788s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 788s Selecting previously unselected package libipa-hbac0t64. 788s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_armhf.deb ... 788s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 788s Selecting previously unselected package libtalloc2:armhf. 788s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_armhf.deb ... 788s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 788s Selecting previously unselected package libtdb1:armhf. 788s Preparing to unpack .../17-libtdb1_1.4.10-1build1_armhf.deb ... 788s Unpacking libtdb1:armhf (1.4.10-1build1) ... 788s Selecting previously unselected package libtevent0t64:armhf. 788s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_armhf.deb ... 788s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 789s Selecting previously unselected package libldb2:armhf. 789s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 789s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 789s Selecting previously unselected package libnfsidmap1:armhf. 789s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_armhf.deb ... 789s Unpacking libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 789s Selecting previously unselected package libpwquality-common. 789s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 789s Unpacking libpwquality-common (1.4.5-3build1) ... 789s Selecting previously unselected package libpwquality1:armhf. 789s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_armhf.deb ... 789s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 789s Selecting previously unselected package libpam-pwquality:armhf. 789s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_armhf.deb ... 789s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 789s Selecting previously unselected package libwbclient0:armhf. 789s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 789s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 789s Selecting previously unselected package samba-libs:armhf. 789s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 789s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 789s Selecting previously unselected package libsmbclient0:armhf. 789s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 789s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 789s Selecting previously unselected package softhsm2-common. 789s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_armhf.deb ... 789s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 790s Selecting previously unselected package libsofthsm2. 790s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_armhf.deb ... 790s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 790s Selecting previously unselected package softhsm2. 790s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_armhf.deb ... 790s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 790s Selecting previously unselected package python3-sss. 790s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package libsss-idmap0. 790s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package libnss-sss:armhf. 790s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package libpam-sss:armhf. 790s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package libsss-certmap0. 790s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package libsss-nss-idmap0. 790s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package sssd-common. 790s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package sssd-ad-common. 790s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package sssd-krb5-common. 790s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 790s Selecting previously unselected package sssd-ad. 790s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_armhf.deb ... 790s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package sssd-ipa. 791s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_armhf.deb ... 791s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package sssd-krb5. 791s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_armhf.deb ... 791s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package sssd-ldap. 791s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_armhf.deb ... 791s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package sssd-proxy. 791s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_armhf.deb ... 791s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package sssd. 791s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_armhf.deb ... 791s Unpacking sssd (2.9.4-1.1ubuntu6) ... 791s Selecting previously unselected package autopkgtest-satdep. 791s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 791s Unpacking autopkgtest-satdep (0) ... 791s Setting up libpwquality-common (1.4.5-3build1) ... 791s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 792s 792s Creating config file /etc/softhsm/softhsm2.conf with new version 792s Setting up libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 792s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 792s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 792s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 792s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 792s Setting up libtdb1:armhf (1.4.10-1build1) ... 792s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 792s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 792s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 792s Setting up libtalloc2:armhf (2.4.2-1build2) ... 792s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 792s Setting up libunbound8:armhf (1.19.2-1ubuntu3.1) ... 792s Setting up libgnutls-dane0t64:armhf (3.8.3-1.1ubuntu3.1) ... 792s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 792s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 792s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 792s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 792s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 792s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 792s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 792s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 792s Setting up gnutls-bin (3.8.3-1.1ubuntu3.1) ... 792s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 792s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 792s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 792s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 792s Setting up libpwquality1:armhf (1.4.5-3build1) ... 792s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 792s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 792s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 793s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 793s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 794s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 794s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 795s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 796s Creating SSSD system user & group... 797s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 797s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 797s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 797s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 797s 800s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 801s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 801s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 801s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 801s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 802s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 802s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 804s sssd-autofs.service is a disabled or a static unit, not starting it. 804s sssd-nss.service is a disabled or a static unit, not starting it. 804s sssd-pam.service is a disabled or a static unit, not starting it. 804s sssd-ssh.service is a disabled or a static unit, not starting it. 804s sssd-sudo.service is a disabled or a static unit, not starting it. 804s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 804s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 804s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 804s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 805s sssd-pac.service is a disabled or a static unit, not starting it. 805s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 805s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 805s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 805s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 805s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 805s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 805s Setting up sssd (2.9.4-1.1ubuntu6) ... 805s Setting up autopkgtest-satdep (0) ... 805s Processing triggers for man-db (2.12.0-4build2) ... 806s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 823s (Reading database ... 58499 files and directories currently installed.) 823s Removing autopkgtest-satdep (0) ... 846s autopkgtest [15:26:33]: test sssd-softhism2-certificates-tests.sh: [----------------------- 858s + '[' -z ubuntu ']' 858s + required_tools=(p11tool openssl softhsm2-util) 858s + for cmd in "${required_tools[@]}" 858s + command -v p11tool 858s + for cmd in "${required_tools[@]}" 858s + command -v openssl 858s + for cmd in "${required_tools[@]}" 858s + command -v softhsm2-util 858s + PIN=053350 858s +++ head -n 1 858s +++ find /usr/lib/softhsm/libsofthsm2.so 858s ++ realpath /usr/lib/softhsm/libsofthsm2.so 858s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 858s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 858s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 858s + '[' '!' -v NO_SSSD_TESTS ']' 858s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 858s + ca_db_arg=ca_db 858s ++ /usr/libexec/sssd/p11_child --help 858s + p11_child_help='Usage: p11_child [OPTION...] 858s -d, --debug-level=INT Debug level 858s --debug-timestamps=INT Add debug timestamps 858s --debug-microseconds=INT Show timestamps with microseconds 858s --dumpable=INT Allow core dumps 858s --debug-fd=INT An open file descriptor for the debug 858s logs 858s --logger=stderr|files|journald Set logger 858s --auth Run in auth mode 858s --pre Run in pre-auth mode 858s --wait_for_card Wait until card is available 858s --verification Run in verification mode 858s --pin Expect PIN on stdin 858s --keypad Expect PIN on keypad 858s --verify=STRING Tune validation 858s --ca_db=STRING CA DB to use 858s --module_name=STRING Module name for authentication 858s --token_name=STRING Token name for authentication 858s --key_id=STRING Key ID for authentication 858s --label=STRING Label for authentication 858s --certificate=STRING certificate to verify, base64 encoded 858s --uri=STRING PKCS#11 URI to restrict selection 858s --chain-id=LONG Tevent chain ID used for logging 858s purposes 858s 858s Help options: 858s -?, --help Show this help message 858s --usage Display brief usage message' 858s + echo 'Usage: p11_child [OPTION...] 858s -d, --debug-level=INT Debug level 858s --debug-timestamps=INT Add debug timestamps 858s --debug-microseconds=INT Show timestamps with microseconds 858s --dumpable=INT Allow core dumps 858s --debug-fd=INT An open file descriptor for the debug 858s logs 858s --logger=stderr|files|journald Set logger 858s --auth Run in auth mode 858s --pre Run in pre-auth mode 858s --wait_for_card Wait until card is available 858s --verification Run in verification mode 858s --pin Expect PIN on stdin 858s --keypad Expect PIN on keypad 858s --verify=STRING Tune validation 858s --ca_db=STRING CA DB to use 858s --module_name=STRING Module name for authentication 858s --token_name=STRING Token name for authentication 858s --key_id=STRING Key ID for authentication 858s --label=STRING Label for authentication 858s --certificate=STRING certificate to verify, base64 encoded 858s --uri=STRING PKCS#11 URI to restrict selection 858s --chain-id=LONG Tevent chain ID used for logging 858s purposes 858s 858s Help options: 858s -?, --help Show this help message 858s --usage Display brief usage message' 858s + grep nssdb -qs 859s + echo 'Usage: p11_child [OPTION...] 859s -d, --debug-level=INT Debug level 859s --debug-timestamps=INT Add debug timestamps 859s --debug-microseconds=INT Show timestamps with microseconds 859s --dumpable=INT Allow core dumps 859s --debug-fd=INT An open file descriptor for the debug 859s logs 859s --logger=stderr|files|journald Set logger 859s --auth Run in auth mode 859s --pre Run in pre-auth mode 859s --wait_for_card Wait until card is available 859s --verification Run in verification mode 859s --pin Expect PIN on stdin 859s --keypad Expect PIN on keypad 859s --verify=STRING Tune validation 859s --ca_db=STRING CA DB to use 859s --module_name=STRING Module name for authentication 859s --token_name=STRING Token name for authentication 859s --key_id=STRING Key ID for authentication 859s --label=STRING Label for authentication 859s --certificate=STRING certificate to verify, base64 encoded 859s --uri=STRING PKCS#11 URI to restrict selection 859s --chain-id=LONG Tevent chain ID used for logging 859s purposes 859s 859s Help options: 859s -?, --help Show this help message 859s --usage Display brief usage message' 859s + grep -qs -- --ca_db 859s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 859s ++ mktemp -d -t sssd-softhsm2-XXXXXX 859s + tmpdir=/tmp/sssd-softhsm2-EJdWyP 859s + keys_size=1024 859s + [[ ! -v KEEP_TEMPORARY_FILES ]] 859s + trap 'rm -rf "$tmpdir"' EXIT 859s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 859s + echo -n 01 859s + touch /tmp/sssd-softhsm2-EJdWyP/index.txt 859s + mkdir -p /tmp/sssd-softhsm2-EJdWyP/new_certs 859s + cat 859s + root_ca_key_pass=pass:random-root-CA-password-15387 859s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA-key.pem -passout pass:random-root-CA-password-15387 1024 863s + openssl req -passin pass:random-root-CA-password-15387 -batch -config /tmp/sssd-softhsm2-EJdWyP/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-EJdWyP/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 867s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 868s + cat 869s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-9976 869s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9976 1024 869s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-9976 -config /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.config -key /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15387 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-certificate-request.pem 869s + openssl req -text -noout -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-certificate-request.pem 869s Certificate Request: 869s Data: 869s Version: 1 (0x0) 869s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 869s Subject Public Key Info: 869s Public Key Algorithm: rsaEncryption 869s Public-Key: (1024 bit) 869s Modulus: 869s 00:ec:74:d7:a1:4e:4b:f9:2c:57:88:77:8c:74:8e: 869s 2f:c6:87:15:ff:cc:5b:38:4a:28:48:e7:db:bf:4a: 869s a1:5b:f8:dd:4d:87:96:32:75:d1:d6:03:78:71:03: 869s e2:47:5e:63:79:ab:4d:e6:e2:54:d7:c9:0b:f1:fb: 869s 95:98:02:21:cd:22:16:38:86:15:c7:cd:22:70:b7: 869s 36:07:a8:9f:67:0c:2e:c6:85:9b:71:fb:68:c5:1b: 869s fd:02:2a:d8:d0:0b:a2:e4:da:f8:5a:d7:f3:46:a1: 869s a8:33:f3:bc:d4:04:b8:aa:7d:7c:a7:81:56:91:f7: 869s 94:0c:d4:28:52:ba:f7:36:0b 869s Exponent: 65537 (0x10001) 869s Attributes: 869s (none) 869s Requested Extensions: 869s Signature Algorithm: sha256WithRSAEncryption 869s Signature Value: 869s 57:30:4b:21:4c:f9:89:16:31:4d:2f:62:1e:88:54:38:e3:7d: 869s 7c:e5:5e:2a:16:d9:a8:35:94:bb:ee:27:5f:52:9b:1e:c6:96: 869s d8:52:aa:6a:83:56:8d:6e:c6:8d:ee:ff:91:e5:c2:61:7d:95: 869s 57:5e:74:cf:aa:6b:fa:9f:b5:f5:79:7c:d9:f5:15:1c:dc:d9: 869s 51:0b:af:d6:bb:08:60:2d:43:80:7f:20:cc:e0:26:cd:f3:34: 869s 0c:c3:b8:d2:5f:73:19:88:42:d4:ca:e3:d1:02:eb:df:e5:a4: 869s 90:7c:95:9b:7e:6c:70:04:7e:2b:6f:dd:16:b1:d9:d8:34:c3: 869s a9:f7 869s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-EJdWyP/test-root-CA.config -passin pass:random-root-CA-password-15387 -keyfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA-key.pem -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 869s Using configuration from /tmp/sssd-softhsm2-EJdWyP/test-root-CA.config 869s Check that the request matches the signature 869s Signature ok 869s Certificate Details: 869s Serial Number: 1 (0x1) 869s Validity 869s Not Before: Jun 14 15:26:57 2024 GMT 869s Not After : Jun 14 15:26:57 2025 GMT 869s Subject: 869s organizationName = Test Organization 869s organizationalUnitName = Test Organization Unit 869s commonName = Test Organization Intermediate CA 869s X509v3 extensions: 869s X509v3 Subject Key Identifier: 869s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 869s X509v3 Authority Key Identifier: 869s keyid:E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 869s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 869s serial:00 869s X509v3 Basic Constraints: 869s CA:TRUE 869s X509v3 Key Usage: critical 869s Digital Signature, Certificate Sign, CRL Sign 869s Certificate is to be certified until Jun 14 15:26:57 2025 GMT (365 days) 869s 869s Write out database with 1 new entries 869s Database updated 869s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 869s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 869s /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem: OK 869s + cat 869s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-7098 869s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-7098 1024 870s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-7098 -config /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9976 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-certificate-request.pem 870s + openssl req -text -noout -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-certificate-request.pem 870s Certificate Request: 870s Data: 870s Version: 1 (0x0) 870s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 870s Subject Public Key Info: 870s Public Key Algorithm: rsaEncryption 870s Public-Key: (1024 bit) 870s Modulus: 870s 00:f2:e3:5e:20:42:42:8b:90:f8:bd:2d:b8:04:27: 870s 9c:3d:7f:7a:c4:75:2c:83:9e:af:39:33:ea:fc:a0: 870s 30:a9:e8:f4:fb:ca:06:5a:1b:aa:78:f0:3b:33:da: 870s 56:16:3e:ef:bf:37:b7:7a:72:3c:d2:fb:25:87:5a: 870s 08:63:63:b2:e4:96:e7:62:37:63:1f:17:02:2c:1f: 870s 35:a2:fa:0d:4e:50:07:4b:c4:70:f3:4a:2e:2b:e5: 870s 38:88:c1:ea:73:a8:b1:24:9f:26:dc:e8:e4:38:72: 870s 35:23:1a:51:9e:c4:ec:db:69:48:65:c7:e4:1e:93: 870s 40:73:72:8d:08:19:eb:cc:95 870s Exponent: 65537 (0x10001) 870s Attributes: 870s (none) 870s Requested Extensions: 870s Signature Algorithm: sha256WithRSAEncryption 870s Signature Value: 870s a6:e3:c8:ba:1a:68:1b:7a:c9:1e:d1:24:72:5d:7f:24:c6:b6: 870s b1:57:15:65:69:03:b2:5d:a6:cf:28:57:df:7f:55:9d:c6:86: 870s 99:0b:5b:73:d0:10:78:e5:94:06:af:f4:6c:3a:41:15:1d:04: 870s 75:a5:ab:7c:70:17:64:91:54:3f:bf:4b:36:75:3c:a8:92:15: 870s a8:4a:ff:bb:7f:d3:d3:83:98:55:71:97:f0:20:54:de:8a:d0: 870s d5:92:d0:73:a0:0c:42:4c:c3:9e:c2:76:f7:c0:9f:22:ee:ce: 870s f5:b4:aa:be:b6:b0:84:89:f9:8f:7f:89:cb:09:63:ad:a8:dd: 870s 7b:7b 870s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-9976 -keyfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 870s Using configuration from /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.config 870s Check that the request matches the signature 870s Signature ok 870s Certificate Details: 870s Serial Number: 2 (0x2) 870s Validity 870s Not Before: Jun 14 15:26:58 2024 GMT 870s Not After : Jun 14 15:26:58 2025 GMT 870s Subject: 870s organizationName = Test Organization 870s organizationalUnitName = Test Organization Unit 870s commonName = Test Organization Sub Intermediate CA 870s X509v3 extensions: 870s X509v3 Subject Key Identifier: 870s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 870s X509v3 Authority Key Identifier: 870s keyid:74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 870s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 870s serial:01 870s X509v3 Basic Constraints: 870s CA:TRUE 870s X509v3 Key Usage: critical 870s Digital Signature, Certificate Sign, CRL Sign 870s Certificate is to be certified until Jun 14 15:26:58 2025 GMT (365 days) 870s 870s Write out database with 1 new entries 870s Database updated 870s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 870s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 870s /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem: OK 870s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 870s + local cmd=openssl 870s + shift 870s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 870s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 870s error 20 at 0 depth lookup: unable to get local issuer certificate 870s error /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem: verification failed 870s + cat 870s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-18834 870s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-18834 1024 871s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-18834 -key /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-request.pem 871s + openssl req -text -noout -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-request.pem 871s Certificate Request: 871s Data: 871s Version: 1 (0x0) 871s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 871s Subject Public Key Info: 871s Public Key Algorithm: rsaEncryption 871s Public-Key: (1024 bit) 871s Modulus: 871s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 871s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 871s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 871s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 871s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 871s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 871s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 871s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 871s 4c:74:78:93:c0:6a:99:83:51 871s Exponent: 65537 (0x10001) 871s Attributes: 871s Requested Extensions: 871s X509v3 Basic Constraints: 871s CA:FALSE 871s Netscape Cert Type: 871s SSL Client, S/MIME 871s Netscape Comment: 871s Test Organization Root CA trusted Certificate 871s X509v3 Subject Key Identifier: 871s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 871s X509v3 Key Usage: critical 871s Digital Signature, Non Repudiation, Key Encipherment 871s X509v3 Extended Key Usage: 871s TLS Web Client Authentication, E-mail Protection 871s X509v3 Subject Alternative Name: 871s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 871s Signature Algorithm: sha256WithRSAEncryption 871s Signature Value: 871s 22:67:e8:ae:d3:bb:4c:a9:2d:37:df:49:34:46:a7:57:07:ab: 871s a5:80:45:51:17:41:bd:72:de:c5:f7:c2:11:f2:81:81:97:d8: 871s e0:2c:04:ba:16:77:14:4d:32:44:b4:a1:49:04:8e:ef:25:01: 871s c1:88:76:ed:49:4e:30:93:95:87:96:bf:da:75:d2:07:64:a7: 871s e1:46:44:56:45:c2:5c:6c:a1:df:16:4e:cc:fe:9a:8d:3b:18: 871s 11:22:80:da:c6:b3:39:e6:e7:66:b9:b6:7f:f7:ed:70:66:7d: 871s 99:ac:44:f0:aa:49:36:e5:7d:4c:bb:1f:68:76:44:ed:bd:1d: 871s a6:b9 871s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-EJdWyP/test-root-CA.config -passin pass:random-root-CA-password-15387 -keyfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA-key.pem -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 871s Using configuration from /tmp/sssd-softhsm2-EJdWyP/test-root-CA.config 871s Check that the request matches the signature 871s Signature ok 871s Certificate Details: 871s Serial Number: 3 (0x3) 871s Validity 871s Not Before: Jun 14 15:26:59 2024 GMT 871s Not After : Jun 14 15:26:59 2025 GMT 871s Subject: 871s organizationName = Test Organization 871s organizationalUnitName = Test Organization Unit 871s commonName = Test Organization Root Trusted Certificate 0001 871s X509v3 extensions: 871s X509v3 Authority Key Identifier: 871s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 871s X509v3 Basic Constraints: 871s CA:FALSE 871s Netscape Cert Type: 871s SSL Client, S/MIME 871s Netscape Comment: 871s Test Organization Root CA trusted Certificate 871s X509v3 Subject Key Identifier: 871s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 871s X509v3 Key Usage: critical 871s Digital Signature, Non Repudiation, Key Encipherment 871s X509v3 Extended Key Usage: 871s TLS Web Client Authentication, E-mail Protection 871s X509v3 Subject Alternative Name: 871s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 871s Certificate is to be certified until Jun 14 15:26:59 2025 GMT (365 days) 871s 871s Write out database with 1 new entries 871s Database updated 871s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 871s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 871s /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem: OK 871s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 871s + local cmd=openssl 871s + shift 871s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 871s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 871s error 20 at 0 depth lookup: unable to get local issuer certificate 871s error /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem: verification failed 871s + cat 871s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 871s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-7299 1024 871s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-7299 -key /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-request.pem 871s + openssl req -text -noout -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-request.pem 871s Certificate Request: 871s Data: 871s Version: 1 (0x0) 871s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 871s Subject Public Key Info: 871s Public Key Algorithm: rsaEncryption 871s Public-Key: (1024 bit) 871s Modulus: 871s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 871s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 871s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 871s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 871s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 871s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 871s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 871s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 871s 9d:a4:f6:fd:8b:66:b4:5c:ef 871s Exponent: 65537 (0x10001) 871s Attributes: 871s Requested Extensions: 871s X509v3 Basic Constraints: 871s CA:FALSE 871s Netscape Cert Type: 871s SSL Client, S/MIME 871s Netscape Comment: 871s Test Organization Intermediate CA trusted Certificate 871s X509v3 Subject Key Identifier: 871s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 871s X509v3 Key Usage: critical 871s Digital Signature, Non Repudiation, Key Encipherment 871s X509v3 Extended Key Usage: 871s TLS Web Client Authentication, E-mail Protection 871s X509v3 Subject Alternative Name: 871s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 871s Signature Algorithm: sha256WithRSAEncryption 871s Signature Value: 871s 9d:02:46:1e:77:c8:ae:34:fd:00:83:02:5e:9b:39:9b:ac:cc: 871s 52:a0:2e:10:24:41:e3:8a:71:1d:c2:90:83:96:8f:96:7f:86: 871s 62:1a:c1:70:84:56:9c:e2:b8:fe:67:34:90:79:73:02:1a:64: 871s 24:fe:f8:2c:de:e3:4e:93:6d:e4:47:c2:22:b5:d1:01:fa:f9: 871s b4:f5:11:18:b5:d3:36:3c:6d:1a:31:46:cb:05:48:37:66:ea: 871s 2c:fc:2f:df:1b:1e:76:bf:bb:0f:61:bf:fc:a5:64:31:d2:f4: 871s d4:49:74:06:6f:4d:27:ef:e4:8c:95:c5:83:fd:50:fa:54:78: 871s be:41 871s + openssl ca -passin pass:random-intermediate-CA-password-9976 -config /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s Using configuration from /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.config 872s Check that the request matches the signature 872s Signature ok 872s Certificate Details: 872s Serial Number: 4 (0x4) 872s Validity 872s Not Before: Jun 14 15:26:59 2024 GMT 872s Not After : Jun 14 15:26:59 2025 GMT 872s Subject: 872s organizationName = Test Organization 872s organizationalUnitName = Test Organization Unit 872s commonName = Test Organization Intermediate Trusted Certificate 0001 872s X509v3 extensions: 872s X509v3 Authority Key Identifier: 872s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 872s X509v3 Basic Constraints: 872s CA:FALSE 872s Netscape Cert Type: 872s SSL Client, S/MIME 872s Netscape Comment: 872s Test Organization Intermediate CA trusted Certificate 872s X509v3 Subject Key Identifier: 872s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 872s X509v3 Key Usage: critical 872s Digital Signature, Non Repudiation, Key Encipherment 872s X509v3 Extended Key Usage: 872s TLS Web Client Authentication, E-mail Protection 872s X509v3 Subject Alternative Name: 872s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 872s Certificate is to be certified until Jun 14 15:26:59 2025 GMT (365 days) 872s 872s Write out database with 1 new entries 872s Database updated 872s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s + echo 'This certificate should not be trusted fully' 872s This certificate should not be trusted fully 872s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s + local cmd=openssl 872s + shift 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 872s error 2 at 1 depth lookup: unable to get issuer certificate 872s error /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 872s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem: OK 872s + cat 872s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 872s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-4402 1024 872s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-4402 -key /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 872s + openssl req -text -noout -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 872s Certificate Request: 872s Data: 872s Version: 1 (0x0) 872s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 872s Subject Public Key Info: 872s Public Key Algorithm: rsaEncryption 872s Public-Key: (1024 bit) 872s Modulus: 872s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 872s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 872s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 872s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 872s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 872s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 872s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 872s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 872s df:8e:99:e7:46:14:4e:0e:d1 872s Exponent: 65537 (0x10001) 872s Attributes: 872s Requested Extensions: 872s X509v3 Basic Constraints: 872s CA:FALSE 872s Netscape Cert Type: 872s SSL Client, S/MIME 872s Netscape Comment: 872s Test Organization Sub Intermediate CA trusted Certificate 872s X509v3 Subject Key Identifier: 872s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 872s X509v3 Key Usage: critical 872s Digital Signature, Non Repudiation, Key Encipherment 872s X509v3 Extended Key Usage: 872s TLS Web Client Authentication, E-mail Protection 872s X509v3 Subject Alternative Name: 872s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 872s Signature Algorithm: sha256WithRSAEncryption 872s Signature Value: 872s 92:81:ad:6f:db:d3:10:98:03:32:3a:52:a3:ba:54:4d:75:75: 872s 9b:cb:00:e1:c0:80:58:2d:3d:67:94:55:22:1a:3d:2c:1f:2e: 872s 19:cd:cf:cc:7e:91:dc:cd:3c:b5:a4:9b:af:11:10:0b:29:51: 872s 09:73:78:d1:17:e6:b4:cf:d6:e4:63:16:42:95:84:be:0c:be: 872s 76:4c:d4:04:c8:3f:9a:dc:58:c3:f8:67:f2:05:eb:46:c7:16: 872s a7:81:17:69:56:b4:33:13:2d:a7:54:65:30:f1:1c:ec:74:c6: 872s 96:59:15:3d:f5:ca:80:89:ce:60:0f:9a:a2:f5:20:4a:71:fa: 872s 9d:f8 872s + openssl ca -passin pass:random-sub-intermediate-CA-password-7098 -config /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s Using configuration from /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.config 872s Check that the request matches the signature 872s Signature ok 872s Certificate Details: 872s Serial Number: 5 (0x5) 872s Validity 872s Not Before: Jun 14 15:27:00 2024 GMT 872s Not After : Jun 14 15:27:00 2025 GMT 872s Subject: 872s organizationName = Test Organization 872s organizationalUnitName = Test Organization Unit 872s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 872s X509v3 extensions: 872s X509v3 Authority Key Identifier: 872s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 872s X509v3 Basic Constraints: 872s CA:FALSE 872s Netscape Cert Type: 872s SSL Client, S/MIME 872s Netscape Comment: 872s Test Organization Sub Intermediate CA trusted Certificate 872s X509v3 Subject Key Identifier: 872s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 872s X509v3 Key Usage: critical 872s Digital Signature, Non Repudiation, Key Encipherment 872s X509v3 Extended Key Usage: 872s TLS Web Client Authentication, E-mail Protection 872s X509v3 Subject Alternative Name: 872s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 872s Certificate is to be certified until Jun 14 15:27:00 2025 GMT (365 days) 872s 872s Write out database with 1 new entries 872s Database updated 872s + openssl x509 -noout -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s This certificate should not be trusted fully 872s + echo 'This certificate should not be trusted fully' 872s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s + local cmd=openssl 872s + shift 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 872s error 2 at 1 depth lookup: unable to get issuer certificate 872s error /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 872s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s + local cmd=openssl 872s + shift 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 872s error 20 at 0 depth lookup: unable to get local issuer certificate 872s error /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 872s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 872s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s + local cmd=openssl 872s + shift 872s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 872s error 20 at 0 depth lookup: unable to get local issuer certificate 872s error /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 872s + echo 'Building a the full-chain CA file...' 872s Building a the full-chain CA file... 872s + cat /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 872s + cat /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 872s + cat /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 872s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 872s + openssl pkcs7 -print_certs -noout 872s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 872s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 872s 872s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 872s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 872s 872s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 872s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 872s 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem: OK 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem: OK 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem: OK 872s /tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem: OK 872s + openssl verify -CAfile /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 872s /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 872s + echo 'Certificates generation completed!' 872s Certificates generation completed! 872s + [[ -v NO_SSSD_TESTS ]] 872s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /dev/null 873s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /dev/null 873s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 873s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 873s + local key_ring=/dev/null 873s + local verify_option= 873s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 873s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 873s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 873s + local key_cn 873s + local key_name 873s + local tokens_dir 873s + local output_cert_file 873s + token_name= 873s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 873s + key_name=test-root-CA-trusted-certificate-0001 873s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 873s ++ sed -n 's/ *commonName *= //p' 874s + key_cn='Test Organization Root Trusted Certificate 0001' 874s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 874s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 874s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 874s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 874s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 874s + token_name='Test Organization Root Tr Token' 874s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 874s + local key_file 874s + local decrypted_key 874s + mkdir -p /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 874s + key_file=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key.pem 874s + decrypted_key=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key-decrypted.pem 874s + cat 874s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 875s Slot 0 has a free/uninitialized token. 875s The token has been initialized and is reassigned to slot 1376932810 875s + softhsm2-util --show-slots 875s Available slots: 875s Slot 1376932810 875s Slot info: 875s Description: SoftHSM slot ID 0x521253ca 875s Manufacturer ID: SoftHSM project 875s Hardware version: 2.6 875s Firmware version: 2.6 875s Token present: yes 875s Token info: 875s Manufacturer ID: SoftHSM project 875s Model: SoftHSM v2 875s Hardware version: 2.6 875s Firmware version: 2.6 875s Serial number: 6d5b314b521253ca 875s Initialized: yes 875s User PIN init.: yes 875s Label: Test Organization Root Tr Token 875s Slot 1 875s Slot info: 875s Description: SoftHSM slot ID 0x1 875s Manufacturer ID: SoftHSM project 875s Hardware version: 2.6 875s Firmware version: 2.6 875s Token present: yes 875s Token info: 875s Manufacturer ID: SoftHSM project 875s Model: SoftHSM v2 875s Hardware version: 2.6 875s Firmware version: 2.6 875s Serial number: 875s Initialized: no 875s User PIN init.: no 875s Label: 875s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 876s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-18834 -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key-decrypted.pem 876s writing RSA key 876s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 877s + rm /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001-key-decrypted.pem 877s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 877s Object 0: 877s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 877s Type: X.509 Certificate (RSA-1024) 877s Expires: Sat Jun 14 15:26:59 2025 877s Label: Test Organization Root Trusted Certificate 0001 877s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 877s 877s Test Organization Root Tr Token 877s + echo 'Test Organization Root Tr Token' 877s + '[' -n '' ']' 877s + local output_base_name=SSSD-child-31864 877s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-31864.output 877s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-31864.pem 877s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 877s [p11_child[1696]] [main] (0x0400): p11_child started. 877s [p11_child[1696]] [main] (0x2000): Running in [pre-auth] mode. 877s [p11_child[1696]] [main] (0x2000): Running with effective IDs: [0][0]. 877s [p11_child[1696]] [main] (0x2000): Running with real IDs [0][0]. 877s [p11_child[1696]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 877s [p11_child[1696]] [do_work] (0x0040): init_verification failed. 877s [p11_child[1696]] [main] (0x0020): p11_child failed (5) 877s + return 2 877s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /dev/null no_verification 877s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /dev/null no_verification 877s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 877s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 877s + local key_ring=/dev/null 877s + local verify_option=no_verification 877s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 877s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 877s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 877s + local key_cn 877s + local key_name 877s + local tokens_dir 877s + local output_cert_file 877s + token_name= 877s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 877s + key_name=test-root-CA-trusted-certificate-0001 877s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 877s ++ sed -n 's/ *commonName *= //p' 877s + key_cn='Test Organization Root Trusted Certificate 0001' 877s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 877s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 877s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 877s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 877s Test Organization Root Tr Token 877s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 877s + token_name='Test Organization Root Tr Token' 877s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 877s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 877s + echo 'Test Organization Root Tr Token' 877s + '[' -n no_verification ']' 877s + local verify_arg=--verify=no_verification 877s + local output_base_name=SSSD-child-25688 877s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.output 877s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.pem 877s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 877s [p11_child[1702]] [main] (0x0400): p11_child started. 877s [p11_child[1702]] [main] (0x2000): Running in [pre-auth] mode. 877s [p11_child[1702]] [main] (0x2000): Running with effective IDs: [0][0]. 877s [p11_child[1702]] [main] (0x2000): Running with real IDs [0][0]. 877s [p11_child[1702]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 877s [p11_child[1702]] [do_card] (0x4000): Module List: 877s [p11_child[1702]] [do_card] (0x4000): common name: [softhsm2]. 877s [p11_child[1702]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 877s [p11_child[1702]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 877s [p11_child[1702]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 877s [p11_child[1702]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 877s [p11_child[1702]] [do_card] (0x4000): Login NOT required. 877s [p11_child[1702]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 877s [p11_child[1702]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 877s [p11_child[1702]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 877s [p11_child[1702]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 877s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.output 878s + echo '-----BEGIN CERTIFICATE-----' 878s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.output 878s + echo '-----END CERTIFICATE-----' 878s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.pem 878s Certificate: 878s Data: 878s Version: 3 (0x2) 878s Serial Number: 3 (0x3) 878s Signature Algorithm: sha256WithRSAEncryption 878s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 878s Validity 878s Not Before: Jun 14 15:26:59 2024 GMT 878s Not After : Jun 14 15:26:59 2025 GMT 878s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 878s Subject Public Key Info: 878s Public Key Algorithm: rsaEncryption 878s Public-Key: (1024 bit) 878s Modulus: 878s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 878s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 878s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 878s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 878s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 878s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 878s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 878s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 878s 4c:74:78:93:c0:6a:99:83:51 878s Exponent: 65537 (0x10001) 878s X509v3 extensions: 878s X509v3 Authority Key Identifier: 878s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 878s X509v3 Basic Constraints: 878s CA:FALSE 878s Netscape Cert Type: 878s SSL Client, S/MIME 878s Netscape Comment: 878s Test Organization Root CA trusted Certificate 878s X509v3 Subject Key Identifier: 878s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 878s X509v3 Key Usage: critical 878s Digital Signature, Non Repudiation, Key Encipherment 878s X509v3 Extended Key Usage: 878s TLS Web Client Authentication, E-mail Protection 878s X509v3 Subject Alternative Name: 878s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 878s Signature Algorithm: sha256WithRSAEncryption 878s Signature Value: 878s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 878s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 878s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 878s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 878s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 878s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 878s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 878s e5:dd 878s + local found_md5 expected_md5 878s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 878s + expected_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 878s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688.pem 878s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 878s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 878s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.output 878s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.output .output 878s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.pem 878s + echo -n 053350 878s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 878s [p11_child[1710]] [main] (0x0400): p11_child started. 878s [p11_child[1710]] [main] (0x2000): Running in [auth] mode. 878s [p11_child[1710]] [main] (0x2000): Running with effective IDs: [0][0]. 878s [p11_child[1710]] [main] (0x2000): Running with real IDs [0][0]. 878s [p11_child[1710]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 878s [p11_child[1710]] [do_card] (0x4000): Module List: 878s [p11_child[1710]] [do_card] (0x4000): common name: [softhsm2]. 878s [p11_child[1710]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 878s [p11_child[1710]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 878s [p11_child[1710]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 878s [p11_child[1710]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 878s [p11_child[1710]] [do_card] (0x4000): Login required. 878s [p11_child[1710]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 878s [p11_child[1710]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 878s [p11_child[1710]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 878s [p11_child[1710]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 878s [p11_child[1710]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 878s [p11_child[1710]] [do_card] (0x4000): Certificate verified and validated. 878s [p11_child[1710]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 878s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.output 878s + echo '-----BEGIN CERTIFICATE-----' 878s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.output 878s + echo '-----END CERTIFICATE-----' 878s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.pem 878s Certificate: 878s Data: 878s Version: 3 (0x2) 878s Serial Number: 3 (0x3) 878s Signature Algorithm: sha256WithRSAEncryption 878s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 878s Validity 878s Not Before: Jun 14 15:26:59 2024 GMT 878s Not After : Jun 14 15:26:59 2025 GMT 878s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 878s Subject Public Key Info: 878s Public Key Algorithm: rsaEncryption 878s Public-Key: (1024 bit) 878s Modulus: 878s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 878s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 878s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 878s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 878s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 878s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 878s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 878s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 878s 4c:74:78:93:c0:6a:99:83:51 878s Exponent: 65537 (0x10001) 878s X509v3 extensions: 878s X509v3 Authority Key Identifier: 878s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 878s X509v3 Basic Constraints: 878s CA:FALSE 878s Netscape Cert Type: 878s SSL Client, S/MIME 878s Netscape Comment: 878s Test Organization Root CA trusted Certificate 878s X509v3 Subject Key Identifier: 878s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 878s X509v3 Key Usage: critical 878s Digital Signature, Non Repudiation, Key Encipherment 878s X509v3 Extended Key Usage: 878s TLS Web Client Authentication, E-mail Protection 878s X509v3 Subject Alternative Name: 878s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 878s Signature Algorithm: sha256WithRSAEncryption 878s Signature Value: 878s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 878s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 878s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 878s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 878s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 878s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 878s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 878s e5:dd 878s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25688-auth.pem 878s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 878s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 878s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 878s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 878s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 878s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 878s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 878s + local verify_option= 878s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 878s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 878s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 878s + local key_cn 878s + local key_name 878s + local tokens_dir 878s + local output_cert_file 878s + token_name= 878s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 878s + key_name=test-root-CA-trusted-certificate-0001 878s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 879s ++ sed -n 's/ *commonName *= //p' 879s + key_cn='Test Organization Root Trusted Certificate 0001' 879s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 879s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 879s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 879s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 879s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 879s + token_name='Test Organization Root Tr Token' 879s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 879s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 879s + echo 'Test Organization Root Tr Token' 879s Test Organization Root Tr Token 879s + '[' -n '' ']' 879s + local output_base_name=SSSD-child-4593 879s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.output 879s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.pem 879s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 879s [p11_child[1720]] [main] (0x0400): p11_child started. 879s [p11_child[1720]] [main] (0x2000): Running in [pre-auth] mode. 879s [p11_child[1720]] [main] (0x2000): Running with effective IDs: [0][0]. 879s [p11_child[1720]] [main] (0x2000): Running with real IDs [0][0]. 879s [p11_child[1720]] [do_card] (0x4000): Module List: 879s [p11_child[1720]] [do_card] (0x4000): common name: [softhsm2]. 879s [p11_child[1720]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 879s [p11_child[1720]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 879s [p11_child[1720]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 879s [p11_child[1720]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 879s [p11_child[1720]] [do_card] (0x4000): Login NOT required. 879s [p11_child[1720]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 879s [p11_child[1720]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 879s [p11_child[1720]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 879s [p11_child[1720]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 879s [p11_child[1720]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 879s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.output 879s + echo '-----BEGIN CERTIFICATE-----' 879s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.output 879s + echo '-----END CERTIFICATE-----' 879s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.pem 879s Certificate: 879s Data: 879s Version: 3 (0x2) 879s Serial Number: 3 (0x3) 879s Signature Algorithm: sha256WithRSAEncryption 879s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 879s Validity 879s Not Before: Jun 14 15:26:59 2024 GMT 879s Not After : Jun 14 15:26:59 2025 GMT 879s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 879s Subject Public Key Info: 879s Public Key Algorithm: rsaEncryption 879s Public-Key: (1024 bit) 879s Modulus: 879s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 879s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 879s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 879s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 879s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 879s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 879s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 879s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 879s 4c:74:78:93:c0:6a:99:83:51 879s Exponent: 65537 (0x10001) 879s X509v3 extensions: 879s X509v3 Authority Key Identifier: 879s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 879s X509v3 Basic Constraints: 879s CA:FALSE 879s Netscape Cert Type: 879s SSL Client, S/MIME 879s Netscape Comment: 879s Test Organization Root CA trusted Certificate 879s X509v3 Subject Key Identifier: 879s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 879s X509v3 Key Usage: critical 879s Digital Signature, Non Repudiation, Key Encipherment 879s X509v3 Extended Key Usage: 879s TLS Web Client Authentication, E-mail Protection 879s X509v3 Subject Alternative Name: 879s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 879s Signature Algorithm: sha256WithRSAEncryption 879s Signature Value: 879s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 879s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 879s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 879s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 879s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 879s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 879s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 879s e5:dd 879s + local found_md5 expected_md5 879s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 879s + expected_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 879s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593.pem 879s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 879s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 879s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.output 879s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.output .output 879s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.pem 879s + echo -n 053350 879s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 879s [p11_child[1728]] [main] (0x0400): p11_child started. 879s [p11_child[1728]] [main] (0x2000): Running in [auth] mode. 879s [p11_child[1728]] [main] (0x2000): Running with effective IDs: [0][0]. 879s [p11_child[1728]] [main] (0x2000): Running with real IDs [0][0]. 879s [p11_child[1728]] [do_card] (0x4000): Module List: 879s [p11_child[1728]] [do_card] (0x4000): common name: [softhsm2]. 879s [p11_child[1728]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 879s [p11_child[1728]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 879s [p11_child[1728]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 879s [p11_child[1728]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 879s [p11_child[1728]] [do_card] (0x4000): Login required. 879s [p11_child[1728]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 879s [p11_child[1728]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 879s [p11_child[1728]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 879s [p11_child[1728]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 879s [p11_child[1728]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 879s [p11_child[1728]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 879s [p11_child[1728]] [do_card] (0x4000): Certificate verified and validated. 879s [p11_child[1728]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 879s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.output 879s + echo '-----BEGIN CERTIFICATE-----' 879s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.output 879s + echo '-----END CERTIFICATE-----' 879s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.pem 879s Certificate: 879s Data: 879s Version: 3 (0x2) 879s Serial Number: 3 (0x3) 879s Signature Algorithm: sha256WithRSAEncryption 879s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 879s Validity 879s Not Before: Jun 14 15:26:59 2024 GMT 879s Not After : Jun 14 15:26:59 2025 GMT 879s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 879s Subject Public Key Info: 879s Public Key Algorithm: rsaEncryption 879s Public-Key: (1024 bit) 879s Modulus: 879s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 879s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 879s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 879s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 879s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 879s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 879s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 879s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 879s 4c:74:78:93:c0:6a:99:83:51 879s Exponent: 65537 (0x10001) 879s X509v3 extensions: 879s X509v3 Authority Key Identifier: 879s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 879s X509v3 Basic Constraints: 879s CA:FALSE 879s Netscape Cert Type: 879s SSL Client, S/MIME 879s Netscape Comment: 879s Test Organization Root CA trusted Certificate 879s X509v3 Subject Key Identifier: 879s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 879s X509v3 Key Usage: critical 879s Digital Signature, Non Repudiation, Key Encipherment 879s X509v3 Extended Key Usage: 879s TLS Web Client Authentication, E-mail Protection 879s X509v3 Subject Alternative Name: 879s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 879s Signature Algorithm: sha256WithRSAEncryption 879s Signature Value: 879s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 879s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 879s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 879s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 879s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 879s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 879s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 879s e5:dd 879s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4593-auth.pem 879s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 879s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 879s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 879s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 879s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 879s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 879s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 879s + local verify_option=partial_chain 879s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 879s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 879s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 879s + local key_cn 879s + local key_name 879s + local tokens_dir 879s + local output_cert_file 879s + token_name= 880s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 880s + key_name=test-root-CA-trusted-certificate-0001 880s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 880s ++ sed -n 's/ *commonName *= //p' 880s + key_cn='Test Organization Root Trusted Certificate 0001' 880s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 880s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 880s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 880s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 880s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 880s Test Organization Root Tr Token 880s + token_name='Test Organization Root Tr Token' 880s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 880s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 880s + echo 'Test Organization Root Tr Token' 880s + '[' -n partial_chain ']' 880s + local verify_arg=--verify=partial_chain 880s + local output_base_name=SSSD-child-27714 880s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.output 880s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.pem 880s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 880s [p11_child[1738]] [main] (0x0400): p11_child started. 880s [p11_child[1738]] [main] (0x2000): Running in [pre-auth] mode. 880s [p11_child[1738]] [main] (0x2000): Running with effective IDs: [0][0]. 880s [p11_child[1738]] [main] (0x2000): Running with real IDs [0][0]. 880s [p11_child[1738]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 880s [p11_child[1738]] [do_card] (0x4000): Module List: 880s [p11_child[1738]] [do_card] (0x4000): common name: [softhsm2]. 880s [p11_child[1738]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1738]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 880s [p11_child[1738]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 880s [p11_child[1738]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1738]] [do_card] (0x4000): Login NOT required. 880s [p11_child[1738]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 880s [p11_child[1738]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 880s [p11_child[1738]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 880s [p11_child[1738]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 880s [p11_child[1738]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 880s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.output 880s + echo '-----BEGIN CERTIFICATE-----' 880s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.output 880s + echo '-----END CERTIFICATE-----' 880s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.pem 880s + local found_md5 expected_md5 880s Certificate: 880s Data: 880s Version: 3 (0x2) 880s Serial Number: 3 (0x3) 880s Signature Algorithm: sha256WithRSAEncryption 880s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 880s Validity 880s Not Before: Jun 14 15:26:59 2024 GMT 880s Not After : Jun 14 15:26:59 2025 GMT 880s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 880s Subject Public Key Info: 880s Public Key Algorithm: rsaEncryption 880s Public-Key: (1024 bit) 880s Modulus: 880s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 880s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 880s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 880s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 880s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 880s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 880s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 880s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 880s 4c:74:78:93:c0:6a:99:83:51 880s Exponent: 65537 (0x10001) 880s X509v3 extensions: 880s X509v3 Authority Key Identifier: 880s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 880s X509v3 Basic Constraints: 880s CA:FALSE 880s Netscape Cert Type: 880s SSL Client, S/MIME 880s Netscape Comment: 880s Test Organization Root CA trusted Certificate 880s X509v3 Subject Key Identifier: 880s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 880s X509v3 Key Usage: critical 880s Digital Signature, Non Repudiation, Key Encipherment 880s X509v3 Extended Key Usage: 880s TLS Web Client Authentication, E-mail Protection 880s X509v3 Subject Alternative Name: 880s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 880s Signature Algorithm: sha256WithRSAEncryption 880s Signature Value: 880s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 880s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 880s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 880s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 880s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 880s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 880s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 880s e5:dd 880s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 880s + expected_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 880s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714.pem 880s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 880s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 880s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.output 880s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.output .output 880s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.pem 880s + echo -n 053350 880s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 880s [p11_child[1746]] [main] (0x0400): p11_child started. 880s [p11_child[1746]] [main] (0x2000): Running in [auth] mode. 880s [p11_child[1746]] [main] (0x2000): Running with effective IDs: [0][0]. 880s [p11_child[1746]] [main] (0x2000): Running with real IDs [0][0]. 880s [p11_child[1746]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 880s [p11_child[1746]] [do_card] (0x4000): Module List: 880s [p11_child[1746]] [do_card] (0x4000): common name: [softhsm2]. 880s [p11_child[1746]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1746]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 880s [p11_child[1746]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 880s [p11_child[1746]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1746]] [do_card] (0x4000): Login required. 880s [p11_child[1746]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 880s [p11_child[1746]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 880s [p11_child[1746]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 880s [p11_child[1746]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 880s [p11_child[1746]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 880s [p11_child[1746]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 880s [p11_child[1746]] [do_card] (0x4000): Certificate verified and validated. 880s [p11_child[1746]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 880s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.output 880s + echo '-----BEGIN CERTIFICATE-----' 880s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.output 880s + echo '-----END CERTIFICATE-----' 880s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.pem 880s Certificate: 880s Data: 880s Version: 3 (0x2) 880s Serial Number: 3 (0x3) 880s Signature Algorithm: sha256WithRSAEncryption 880s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 880s Validity 880s Not Before: Jun 14 15:26:59 2024 GMT 880s Not After : Jun 14 15:26:59 2025 GMT 880s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 880s Subject Public Key Info: 880s Public Key Algorithm: rsaEncryption 880s Public-Key: (1024 bit) 880s Modulus: 880s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 880s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 880s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 880s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 880s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 880s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 880s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 880s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 880s 4c:74:78:93:c0:6a:99:83:51 880s Exponent: 65537 (0x10001) 880s X509v3 extensions: 880s X509v3 Authority Key Identifier: 880s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 880s X509v3 Basic Constraints: 880s CA:FALSE 880s Netscape Cert Type: 880s SSL Client, S/MIME 880s Netscape Comment: 880s Test Organization Root CA trusted Certificate 880s X509v3 Subject Key Identifier: 880s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 880s X509v3 Key Usage: critical 880s Digital Signature, Non Repudiation, Key Encipherment 880s X509v3 Extended Key Usage: 880s TLS Web Client Authentication, E-mail Protection 880s X509v3 Subject Alternative Name: 880s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 880s Signature Algorithm: sha256WithRSAEncryption 880s Signature Value: 880s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 880s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 880s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 880s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 880s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 880s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 880s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 880s e5:dd 880s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-27714-auth.pem 880s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 880s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 880s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 880s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 880s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 880s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 880s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 880s + local verify_option= 880s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 880s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 880s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 880s + local key_cn 880s + local key_name 880s + local tokens_dir 880s + local output_cert_file 880s + token_name= 880s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 880s + key_name=test-root-CA-trusted-certificate-0001 880s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 880s ++ sed -n 's/ *commonName *= //p' 880s + key_cn='Test Organization Root Trusted Certificate 0001' 880s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 880s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 880s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 880s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 880s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 880s + token_name='Test Organization Root Tr Token' 880s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 880s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 880s + echo 'Test Organization Root Tr Token' 880s + '[' -n '' ']' 880s + local output_base_name=SSSD-child-23991 880s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.output 880s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.pem 880s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 880s [p11_child[1756]] [main] (0x0400): p11_child started. 880s [p11_child[1756]] [main] (0x2000): Running in [pre-auth] mode. 880s [p11_child[1756]] [main] (0x2000): Running with effective IDs: [0][0]. 880s [p11_child[1756]] [main] (0x2000): Running with real IDs [0][0]. 880s Test Organization Root Tr Token 880s [p11_child[1756]] [do_card] (0x4000): Module List: 880s [p11_child[1756]] [do_card] (0x4000): common name: [softhsm2]. 880s [p11_child[1756]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1756]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 880s [p11_child[1756]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 880s [p11_child[1756]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 880s [p11_child[1756]] [do_card] (0x4000): Login NOT required. 880s [p11_child[1756]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 880s [p11_child[1756]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 880s [p11_child[1756]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 880s [p11_child[1756]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 880s [p11_child[1756]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 880s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.output 880s + echo '-----BEGIN CERTIFICATE-----' 880s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.output 880s + echo '-----END CERTIFICATE-----' 880s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.pem 881s + local found_md5 expected_md5 881s Certificate: 881s Data: 881s Version: 3 (0x2) 881s Serial Number: 3 (0x3) 881s Signature Algorithm: sha256WithRSAEncryption 881s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 881s Validity 881s Not Before: Jun 14 15:26:59 2024 GMT 881s Not After : Jun 14 15:26:59 2025 GMT 881s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 881s Subject Public Key Info: 881s Public Key Algorithm: rsaEncryption 881s Public-Key: (1024 bit) 881s Modulus: 881s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 881s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 881s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 881s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 881s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 881s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 881s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 881s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 881s 4c:74:78:93:c0:6a:99:83:51 881s Exponent: 65537 (0x10001) 881s X509v3 extensions: 881s X509v3 Authority Key Identifier: 881s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 881s X509v3 Basic Constraints: 881s CA:FALSE 881s Netscape Cert Type: 881s SSL Client, S/MIME 881s Netscape Comment: 881s Test Organization Root CA trusted Certificate 881s X509v3 Subject Key Identifier: 881s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 881s X509v3 Key Usage: critical 881s Digital Signature, Non Repudiation, Key Encipherment 881s X509v3 Extended Key Usage: 881s TLS Web Client Authentication, E-mail Protection 881s X509v3 Subject Alternative Name: 881s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 881s Signature Algorithm: sha256WithRSAEncryption 881s Signature Value: 881s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 881s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 881s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 881s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 881s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 881s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 881s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 881s e5:dd 881s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 881s + expected_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 881s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991.pem 881s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 881s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 881s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.output 881s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.output .output 881s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.pem 881s + echo -n 053350 881s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 881s [p11_child[1764]] [main] (0x0400): p11_child started. 881s [p11_child[1764]] [main] (0x2000): Running in [auth] mode. 881s [p11_child[1764]] [main] (0x2000): Running with effective IDs: [0][0]. 881s [p11_child[1764]] [main] (0x2000): Running with real IDs [0][0]. 881s [p11_child[1764]] [do_card] (0x4000): Module List: 881s [p11_child[1764]] [do_card] (0x4000): common name: [softhsm2]. 881s [p11_child[1764]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 881s [p11_child[1764]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 881s [p11_child[1764]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 881s [p11_child[1764]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 881s [p11_child[1764]] [do_card] (0x4000): Login required. 881s [p11_child[1764]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 881s [p11_child[1764]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 881s [p11_child[1764]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 881s [p11_child[1764]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 881s [p11_child[1764]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 881s [p11_child[1764]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 881s [p11_child[1764]] [do_card] (0x4000): Certificate verified and validated. 881s [p11_child[1764]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 881s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.output 881s + echo '-----BEGIN CERTIFICATE-----' 881s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.output 881s + echo '-----END CERTIFICATE-----' 881s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.pem 881s Certificate: 881s Data: 881s Version: 3 (0x2) 881s Serial Number: 3 (0x3) 881s Signature Algorithm: sha256WithRSAEncryption 881s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 881s Validity 881s Not Before: Jun 14 15:26:59 2024 GMT 881s Not After : Jun 14 15:26:59 2025 GMT 881s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 881s Subject Public Key Info: 881s Public Key Algorithm: rsaEncryption 881s Public-Key: (1024 bit) 881s Modulus: 881s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 881s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 881s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 881s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 881s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 881s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 881s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 881s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 881s 4c:74:78:93:c0:6a:99:83:51 881s Exponent: 65537 (0x10001) 881s X509v3 extensions: 881s X509v3 Authority Key Identifier: 881s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 881s X509v3 Basic Constraints: 881s CA:FALSE 881s Netscape Cert Type: 881s SSL Client, S/MIME 881s Netscape Comment: 881s Test Organization Root CA trusted Certificate 881s X509v3 Subject Key Identifier: 881s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 881s X509v3 Key Usage: critical 881s Digital Signature, Non Repudiation, Key Encipherment 881s X509v3 Extended Key Usage: 881s TLS Web Client Authentication, E-mail Protection 881s X509v3 Subject Alternative Name: 881s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 881s Signature Algorithm: sha256WithRSAEncryption 881s Signature Value: 881s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 881s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 881s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 881s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 881s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 881s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 881s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 881s e5:dd 881s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-23991-auth.pem 881s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 881s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 881s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 881s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 881s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 881s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 881s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 881s + local verify_option=partial_chain 881s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 881s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 881s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 881s + local key_cn 881s + local key_name 881s + local tokens_dir 881s + local output_cert_file 881s + token_name= 881s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 881s + key_name=test-root-CA-trusted-certificate-0001 881s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 881s ++ sed -n 's/ *commonName *= //p' 881s + key_cn='Test Organization Root Trusted Certificate 0001' 881s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 881s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 881s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 881s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 881s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 881s + token_name='Test Organization Root Tr Token' 881s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 881s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 881s + echo 'Test Organization Root Tr Token' 881s Test Organization Root Tr Token 881s + '[' -n partial_chain ']' 881s + local verify_arg=--verify=partial_chain 881s + local output_base_name=SSSD-child-28855 881s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.output 881s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.pem 881s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 881s [p11_child[1774]] [main] (0x0400): p11_child started. 881s [p11_child[1774]] [main] (0x2000): Running in [pre-auth] mode. 881s [p11_child[1774]] [main] (0x2000): Running with effective IDs: [0][0]. 881s [p11_child[1774]] [main] (0x2000): Running with real IDs [0][0]. 881s [p11_child[1774]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 881s [p11_child[1774]] [do_card] (0x4000): Module List: 881s [p11_child[1774]] [do_card] (0x4000): common name: [softhsm2]. 881s [p11_child[1774]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 881s [p11_child[1774]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 881s [p11_child[1774]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 881s [p11_child[1774]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 881s [p11_child[1774]] [do_card] (0x4000): Login NOT required. 881s [p11_child[1774]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 881s [p11_child[1774]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 881s [p11_child[1774]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 881s [p11_child[1774]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 881s [p11_child[1774]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 881s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.output 881s + echo '-----BEGIN CERTIFICATE-----' 881s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.output 881s + echo '-----END CERTIFICATE-----' 881s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.pem 881s Certificate: 881s Data: 881s Version: 3 (0x2) 881s Serial Number: 3 (0x3) 881s Signature Algorithm: sha256WithRSAEncryption 881s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 881s Validity 881s Not Before: Jun 14 15:26:59 2024 GMT 881s Not After : Jun 14 15:26:59 2025 GMT 881s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 881s Subject Public Key Info: 881s Public Key Algorithm: rsaEncryption 881s Public-Key: (1024 bit) 881s Modulus: 881s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 881s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 881s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 881s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 881s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 881s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 881s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 881s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 881s 4c:74:78:93:c0:6a:99:83:51 881s Exponent: 65537 (0x10001) 881s X509v3 extensions: 881s X509v3 Authority Key Identifier: 881s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 881s X509v3 Basic Constraints: 881s CA:FALSE 881s Netscape Cert Type: 881s SSL Client, S/MIME 881s Netscape Comment: 881s Test Organization Root CA trusted Certificate 881s X509v3 Subject Key Identifier: 881s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 881s X509v3 Key Usage: critical 881s Digital Signature, Non Repudiation, Key Encipherment 881s X509v3 Extended Key Usage: 881s TLS Web Client Authentication, E-mail Protection 881s X509v3 Subject Alternative Name: 881s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 881s Signature Algorithm: sha256WithRSAEncryption 881s Signature Value: 881s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 881s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 881s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 881s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 881s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 881s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 881s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 881s e5:dd 881s + local found_md5 expected_md5 881s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 881s + expected_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 881s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855.pem 881s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 881s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 881s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.output 881s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.output .output 881s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.pem 881s + echo -n 053350 881s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 882s [p11_child[1782]] [main] (0x0400): p11_child started. 882s [p11_child[1782]] [main] (0x2000): Running in [auth] mode. 882s [p11_child[1782]] [main] (0x2000): Running with effective IDs: [0][0]. 882s [p11_child[1782]] [main] (0x2000): Running with real IDs [0][0]. 882s [p11_child[1782]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 882s [p11_child[1782]] [do_card] (0x4000): Module List: 882s [p11_child[1782]] [do_card] (0x4000): common name: [softhsm2]. 882s [p11_child[1782]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 882s [p11_child[1782]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 882s [p11_child[1782]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 882s [p11_child[1782]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 882s [p11_child[1782]] [do_card] (0x4000): Login required. 882s [p11_child[1782]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 882s [p11_child[1782]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 882s [p11_child[1782]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 882s [p11_child[1782]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x521253ca;slot-manufacturer=SoftHSM%20project;slot-id=1376932810;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6d5b314b521253ca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 882s [p11_child[1782]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 882s [p11_child[1782]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 882s [p11_child[1782]] [do_card] (0x4000): Certificate verified and validated. 882s [p11_child[1782]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 882s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.output 882s + echo '-----BEGIN CERTIFICATE-----' 882s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.output 882s + echo '-----END CERTIFICATE-----' 882s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.pem 882s Certificate: 882s Data: 882s Version: 3 (0x2) 882s Serial Number: 3 (0x3) 882s Signature Algorithm: sha256WithRSAEncryption 882s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 882s Validity 882s Not Before: Jun 14 15:26:59 2024 GMT 882s Not After : Jun 14 15:26:59 2025 GMT 882s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 882s Subject Public Key Info: 882s Public Key Algorithm: rsaEncryption 882s Public-Key: (1024 bit) 882s Modulus: 882s 00:94:f5:fe:be:d6:4d:37:9e:2c:0b:11:d5:c6:dc: 882s bd:b5:f1:99:7d:31:08:76:a4:65:c0:31:19:ba:4b: 882s 85:f2:e6:75:7e:4c:96:78:9a:c5:73:f2:db:9d:d2: 882s 42:7c:97:20:3f:3c:1c:fd:ff:8b:cc:5f:2b:b0:8c: 882s cc:37:25:cf:ee:6d:2b:89:33:ff:49:1d:27:40:1f: 882s a2:e9:ce:16:ad:5b:b3:94:49:88:ca:a4:d0:16:c6: 882s 51:2c:3b:c6:5f:0a:69:af:ca:10:04:20:8d:cf:7c: 882s 6c:13:8c:65:d5:5b:44:71:66:88:a7:26:52:56:53: 882s 4c:74:78:93:c0:6a:99:83:51 882s Exponent: 65537 (0x10001) 882s X509v3 extensions: 882s X509v3 Authority Key Identifier: 882s E1:6E:F4:3F:F4:20:15:14:6C:C1:8E:09:19:24:C3:79:14:7E:79:26 882s X509v3 Basic Constraints: 882s CA:FALSE 882s Netscape Cert Type: 882s SSL Client, S/MIME 882s Netscape Comment: 882s Test Organization Root CA trusted Certificate 882s X509v3 Subject Key Identifier: 882s 62:13:28:2B:9B:9F:FE:EF:1E:83:A1:6A:16:F7:48:6B:D7:6D:A6:19 882s X509v3 Key Usage: critical 882s Digital Signature, Non Repudiation, Key Encipherment 882s X509v3 Extended Key Usage: 882s TLS Web Client Authentication, E-mail Protection 882s X509v3 Subject Alternative Name: 882s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 882s Signature Algorithm: sha256WithRSAEncryption 882s Signature Value: 882s b8:41:39:23:1b:30:64:96:78:7f:40:d6:8b:b9:12:36:98:e3: 882s 57:f3:aa:4d:87:3e:84:99:fe:f6:cd:83:8a:eb:af:d5:9b:8b: 882s 4f:af:04:52:dd:a5:15:e0:6c:4c:05:15:dd:e8:bf:92:52:6f: 882s b2:f2:aa:41:75:50:13:5a:00:43:37:a5:b4:1b:fe:3a:60:22: 882s 81:83:6f:2d:5d:d8:73:f2:e9:0c:54:a8:90:e1:5e:57:99:6c: 882s b0:fc:c9:53:8f:73:02:01:9a:46:32:70:7d:6b:09:2c:df:9d: 882s 46:18:3a:ea:05:81:44:76:87:10:ec:06:b3:9b:10:d2:f4:a4: 882s e5:dd 882s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-28855-auth.pem 882s + found_md5=Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 882s + '[' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 '!=' Modulus=94F5FEBED64D379E2C0B11D5C6DCBDB5F1997D310876A465C03119BA4B85F2E6757E4C96789AC573F2DB9DD2427C97203F3C1CFDFF8BCC5F2BB08CCC3725CFEE6D2B8933FF491D27401FA2E9CE16AD5BB3944988CAA4D016C6512C3BC65F0A69AFCA1004208DCF7C6C138C65D55B44716688A7265256534C747893C06A998351 ']' 882s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 882s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 882s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 882s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 882s + local verify_option= 882s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 882s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 882s + local key_cn 882s + local key_name 882s + local tokens_dir 882s + local output_cert_file 882s + token_name= 882s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 882s + key_name=test-root-CA-trusted-certificate-0001 882s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s ++ sed -n 's/ *commonName *= //p' 882s + key_cn='Test Organization Root Trusted Certificate 0001' 882s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 882s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 882s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 882s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 882s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 882s + token_name='Test Organization Root Tr Token' 882s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 882s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 882s + echo 'Test Organization Root Tr Token' 882s + '[' -n '' ']' 882s + local output_base_name=SSSD-child-11029 882s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11029.output 882s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11029.pem 882s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 882s Test Organization Root Tr Token 882s [p11_child[1792]] [main] (0x0400): p11_child started. 882s [p11_child[1792]] [main] (0x2000): Running in [pre-auth] mode. 882s [p11_child[1792]] [main] (0x2000): Running with effective IDs: [0][0]. 882s [p11_child[1792]] [main] (0x2000): Running with real IDs [0][0]. 882s [p11_child[1792]] [do_card] (0x4000): Module List: 882s [p11_child[1792]] [do_card] (0x4000): common name: [softhsm2]. 882s [p11_child[1792]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 882s [p11_child[1792]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 882s [p11_child[1792]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 882s [p11_child[1792]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 882s [p11_child[1792]] [do_card] (0x4000): Login NOT required. 882s [p11_child[1792]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 882s [p11_child[1792]] [do_verification] (0x0040): X509_verify_cert failed [0]. 882s [p11_child[1792]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 882s [p11_child[1792]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 882s [p11_child[1792]] [do_card] (0x4000): No certificate found. 882s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11029.output 882s + return 2 882s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem partial_chain 882s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem partial_chain 882s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 882s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 882s + local verify_option=partial_chain 882s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18834 882s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s + local key_pass=pass:random-root-ca-trusted-cert-0001-18834 882s + local key_cn 882s + local key_name 882s + local tokens_dir 882s + local output_cert_file 882s + token_name= 882s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem .pem 882s + key_name=test-root-CA-trusted-certificate-0001 882s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-root-CA-trusted-certificate-0001.pem 882s ++ sed -n 's/ *commonName *= //p' 883s + key_cn='Test Organization Root Trusted Certificate 0001' 883s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 883s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 883s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 883s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 883s + token_name='Test Organization Root Tr Token' 883s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 883s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-root-CA-trusted-certificate-0001 ']' 883s + echo 'Test Organization Root Tr Token' 883s Test Organization Root Tr Token 883s + '[' -n partial_chain ']' 883s + local verify_arg=--verify=partial_chain 883s + local output_base_name=SSSD-child-1966 883s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-1966.output 883s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-1966.pem 883s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 883s [p11_child[1799]] [main] (0x0400): p11_child started. 883s [p11_child[1799]] [main] (0x2000): Running in [pre-auth] mode. 883s [p11_child[1799]] [main] (0x2000): Running with effective IDs: [0][0]. 883s [p11_child[1799]] [main] (0x2000): Running with real IDs [0][0]. 883s [p11_child[1799]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 883s [p11_child[1799]] [do_card] (0x4000): Module List: 883s [p11_child[1799]] [do_card] (0x4000): common name: [softhsm2]. 883s [p11_child[1799]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1799]] [do_card] (0x4000): Description [SoftHSM slot ID 0x521253ca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 883s [p11_child[1799]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 883s [p11_child[1799]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x521253ca][1376932810] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1799]] [do_card] (0x4000): Login NOT required. 883s [p11_child[1799]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 883s [p11_child[1799]] [do_verification] (0x0040): X509_verify_cert failed [0]. 883s [p11_child[1799]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 883s [p11_child[1799]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 883s [p11_child[1799]] [do_card] (0x4000): No certificate found. 883s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-1966.output 883s + return 2 883s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /dev/null 883s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /dev/null 883s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local key_ring=/dev/null 883s + local verify_option= 883s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local key_cn 883s + local key_name 883s + local tokens_dir 883s + local output_cert_file 883s + token_name= 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 883s + key_name=test-intermediate-CA-trusted-certificate-0001 883s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s ++ sed -n 's/ *commonName *= //p' 883s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 883s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 883s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 883s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 883s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 883s + token_name='Test Organization Interme Token' 883s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 883s + local key_file 883s + local decrypted_key 883s + mkdir -p /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 883s + key_file=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key.pem 883s + decrypted_key=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 883s + cat 883s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 883s Slot 0 has a free/uninitialized token. 883s The token has been initialized and is reassigned to slot 562858168 883s + softhsm2-util --show-slots 883s Available slots: 883s Slot 562858168 883s Slot info: 883s Description: SoftHSM slot ID 0x218c88b8 883s Manufacturer ID: SoftHSM project 883s Hardware version: 2.6 883s Firmware version: 2.6 883s Token present: yes 883s Token info: 883s Manufacturer ID: SoftHSM project 883s Model: SoftHSM v2 883s Hardware version: 2.6 883s Firmware version: 2.6 883s Serial number: fe5765baa18c88b8 883s Initialized: yes 883s User PIN init.: yes 883s Label: Test Organization Interme Token 883s Slot 1 883s Slot info: 883s Description: SoftHSM slot ID 0x1 883s Manufacturer ID: SoftHSM project 883s Hardware version: 2.6 883s Firmware version: 2.6 883s Token present: yes 883s Token info: 883s Manufacturer ID: SoftHSM project 883s Model: SoftHSM v2 883s Hardware version: 2.6 883s Firmware version: 2.6 883s Serial number: 883s Initialized: no 883s User PIN init.: no 883s Label: 883s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 883s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-7299 -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 883s writing RSA key 883s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 883s + rm /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 883s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 883s Object 0: 883s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 883s Type: X.509 Certificate (RSA-1024) 883s Expires: Sat Jun 14 15:26:59 2025 883s Label: Test Organization Intermediate Trusted Certificate 0001 883s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 883s 883s Test Organization Interme Token 883s + echo 'Test Organization Interme Token' 883s + '[' -n '' ']' 883s + local output_base_name=SSSD-child-21387 883s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21387.output 883s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21387.pem 883s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 883s [p11_child[1815]] [main] (0x0400): p11_child started. 883s [p11_child[1815]] [main] (0x2000): Running in [pre-auth] mode. 883s [p11_child[1815]] [main] (0x2000): Running with effective IDs: [0][0]. 883s [p11_child[1815]] [main] (0x2000): Running with real IDs [0][0]. 883s [p11_child[1815]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 883s [p11_child[1815]] [do_work] (0x0040): init_verification failed. 883s [p11_child[1815]] [main] (0x0020): p11_child failed (5) 883s + return 2 883s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /dev/null no_verification 883s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /dev/null no_verification 883s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local key_ring=/dev/null 883s + local verify_option=no_verification 883s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 883s + local key_cn 883s + local key_name 883s + local tokens_dir 883s + local output_cert_file 883s + token_name= 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 883s + key_name=test-intermediate-CA-trusted-certificate-0001 883s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s ++ sed -n 's/ *commonName *= //p' 883s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 883s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 883s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 883s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 883s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 883s + token_name='Test Organization Interme Token' 883s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 883s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 883s + echo 'Test Organization Interme Token' 883s Test Organization Interme Token 883s + '[' -n no_verification ']' 883s + local verify_arg=--verify=no_verification 883s + local output_base_name=SSSD-child-2890 883s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.output 883s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.pem 883s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 883s [p11_child[1821]] [main] (0x0400): p11_child started. 883s [p11_child[1821]] [main] (0x2000): Running in [pre-auth] mode. 883s [p11_child[1821]] [main] (0x2000): Running with effective IDs: [0][0]. 883s [p11_child[1821]] [main] (0x2000): Running with real IDs [0][0]. 883s [p11_child[1821]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 883s [p11_child[1821]] [do_card] (0x4000): Module List: 883s [p11_child[1821]] [do_card] (0x4000): common name: [softhsm2]. 883s [p11_child[1821]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1821]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 883s [p11_child[1821]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 883s [p11_child[1821]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1821]] [do_card] (0x4000): Login NOT required. 883s [p11_child[1821]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 883s [p11_child[1821]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 883s [p11_child[1821]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 883s [p11_child[1821]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 883s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.output 883s + echo '-----BEGIN CERTIFICATE-----' 883s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.output 883s + echo '-----END CERTIFICATE-----' 883s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.pem 883s + local found_md5 expected_md5 883s Certificate: 883s Data: 883s Version: 3 (0x2) 883s Serial Number: 4 (0x4) 883s Signature Algorithm: sha256WithRSAEncryption 883s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 883s Validity 883s Not Before: Jun 14 15:26:59 2024 GMT 883s Not After : Jun 14 15:26:59 2025 GMT 883s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 883s Subject Public Key Info: 883s Public Key Algorithm: rsaEncryption 883s Public-Key: (1024 bit) 883s Modulus: 883s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 883s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 883s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 883s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 883s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 883s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 883s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 883s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 883s 9d:a4:f6:fd:8b:66:b4:5c:ef 883s Exponent: 65537 (0x10001) 883s X509v3 extensions: 883s X509v3 Authority Key Identifier: 883s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 883s X509v3 Basic Constraints: 883s CA:FALSE 883s Netscape Cert Type: 883s SSL Client, S/MIME 883s Netscape Comment: 883s Test Organization Intermediate CA trusted Certificate 883s X509v3 Subject Key Identifier: 883s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 883s X509v3 Key Usage: critical 883s Digital Signature, Non Repudiation, Key Encipherment 883s X509v3 Extended Key Usage: 883s TLS Web Client Authentication, E-mail Protection 883s X509v3 Subject Alternative Name: 883s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 883s Signature Algorithm: sha256WithRSAEncryption 883s Signature Value: 883s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 883s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 883s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 883s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 883s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 883s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 883s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 883s eb:ea 883s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 883s + expected_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 883s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890.pem 883s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 883s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 883s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.output 883s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.output .output 883s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.pem 883s + echo -n 053350 883s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 883s [p11_child[1829]] [main] (0x0400): p11_child started. 883s [p11_child[1829]] [main] (0x2000): Running in [auth] mode. 883s [p11_child[1829]] [main] (0x2000): Running with effective IDs: [0][0]. 883s [p11_child[1829]] [main] (0x2000): Running with real IDs [0][0]. 883s [p11_child[1829]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 883s [p11_child[1829]] [do_card] (0x4000): Module List: 883s [p11_child[1829]] [do_card] (0x4000): common name: [softhsm2]. 883s [p11_child[1829]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1829]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 883s [p11_child[1829]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 883s [p11_child[1829]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 883s [p11_child[1829]] [do_card] (0x4000): Login required. 883s [p11_child[1829]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 883s [p11_child[1829]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 883s [p11_child[1829]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 883s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 884s [p11_child[1829]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 884s [p11_child[1829]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 884s [p11_child[1829]] [do_card] (0x4000): Certificate verified and validated. 884s [p11_child[1829]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 884s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.output 884s + echo '-----BEGIN CERTIFICATE-----' 884s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.output 884s + echo '-----END CERTIFICATE-----' 884s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.pem 884s Certificate: 884s Data: 884s Version: 3 (0x2) 884s Serial Number: 4 (0x4) 884s Signature Algorithm: sha256WithRSAEncryption 884s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 884s Validity 884s Not Before: Jun 14 15:26:59 2024 GMT 884s Not After : Jun 14 15:26:59 2025 GMT 884s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 884s Subject Public Key Info: 884s Public Key Algorithm: rsaEncryption 884s Public-Key: (1024 bit) 884s Modulus: 884s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 884s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 884s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 884s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 884s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 884s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 884s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 884s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 884s 9d:a4:f6:fd:8b:66:b4:5c:ef 884s Exponent: 65537 (0x10001) 884s X509v3 extensions: 884s X509v3 Authority Key Identifier: 884s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Intermediate CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Signature Algorithm: sha256WithRSAEncryption 884s Signature Value: 884s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 884s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 884s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 884s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 884s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 884s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 884s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 884s eb:ea 884s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-2890-auth.pem 884s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 884s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 884s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 884s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 884s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 884s + local verify_option= 884s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local key_cn 884s + local key_name 884s + local tokens_dir 884s + local output_cert_file 884s + token_name= 884s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 884s + key_name=test-intermediate-CA-trusted-certificate-0001 884s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s ++ sed -n 's/ *commonName *= //p' 884s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 884s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 884s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 884s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 884s Test Organization Interme Token 884s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 884s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 884s + token_name='Test Organization Interme Token' 884s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 884s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 884s + echo 'Test Organization Interme Token' 884s + '[' -n '' ']' 884s + local output_base_name=SSSD-child-12496 884s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-12496.output 884s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-12496.pem 884s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 884s [p11_child[1839]] [main] (0x0400): p11_child started. 884s [p11_child[1839]] [main] (0x2000): Running in [pre-auth] mode. 884s [p11_child[1839]] [main] (0x2000): Running with effective IDs: [0][0]. 884s [p11_child[1839]] [main] (0x2000): Running with real IDs [0][0]. 884s [p11_child[1839]] [do_card] (0x4000): Module List: 884s [p11_child[1839]] [do_card] (0x4000): common name: [softhsm2]. 884s [p11_child[1839]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 884s [p11_child[1839]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 884s [p11_child[1839]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 884s [p11_child[1839]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 884s [p11_child[1839]] [do_card] (0x4000): Login NOT required. 884s [p11_child[1839]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 884s [p11_child[1839]] [do_verification] (0x0040): X509_verify_cert failed [0]. 884s [p11_child[1839]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 884s [p11_child[1839]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 884s [p11_child[1839]] [do_card] (0x4000): No certificate found. 884s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-12496.output 884s + return 2 884s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 884s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 884s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 884s + local verify_option=partial_chain 884s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 884s + local key_cn 884s + local key_name 884s + local tokens_dir 884s + local output_cert_file 884s + token_name= 884s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 884s + key_name=test-intermediate-CA-trusted-certificate-0001 884s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 884s ++ sed -n 's/ *commonName *= //p' 885s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 885s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 885s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 885s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 885s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 885s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 885s + token_name='Test Organization Interme Token' 885s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 885s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 885s + echo 'Test Organization Interme Token' 885s Test Organization Interme Token 885s + '[' -n partial_chain ']' 885s + local verify_arg=--verify=partial_chain 885s + local output_base_name=SSSD-child-8558 885s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-8558.output 885s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-8558.pem 885s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 885s [p11_child[1846]] [main] (0x0400): p11_child started. 885s [p11_child[1846]] [main] (0x2000): Running in [pre-auth] mode. 885s [p11_child[1846]] [main] (0x2000): Running with effective IDs: [0][0]. 885s [p11_child[1846]] [main] (0x2000): Running with real IDs [0][0]. 885s [p11_child[1846]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 885s [p11_child[1846]] [do_card] (0x4000): Module List: 885s [p11_child[1846]] [do_card] (0x4000): common name: [softhsm2]. 885s [p11_child[1846]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1846]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 885s [p11_child[1846]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 885s [p11_child[1846]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1846]] [do_card] (0x4000): Login NOT required. 885s [p11_child[1846]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 885s [p11_child[1846]] [do_verification] (0x0040): X509_verify_cert failed [0]. 885s [p11_child[1846]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 885s [p11_child[1846]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 885s [p11_child[1846]] [do_card] (0x4000): No certificate found. 885s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-8558.output 885s + return 2 885s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 885s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 885s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 885s + local verify_option= 885s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local key_cn 885s + local key_name 885s + local tokens_dir 885s + local output_cert_file 885s + token_name= 885s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 885s + key_name=test-intermediate-CA-trusted-certificate-0001 885s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s ++ sed -n 's/ *commonName *= //p' 885s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 885s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 885s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 885s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 885s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 885s Test Organization Interme Token 885s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 885s + token_name='Test Organization Interme Token' 885s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 885s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 885s + echo 'Test Organization Interme Token' 885s + '[' -n '' ']' 885s + local output_base_name=SSSD-child-11052 885s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.output 885s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.pem 885s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 885s [p11_child[1853]] [main] (0x0400): p11_child started. 885s [p11_child[1853]] [main] (0x2000): Running in [pre-auth] mode. 885s [p11_child[1853]] [main] (0x2000): Running with effective IDs: [0][0]. 885s [p11_child[1853]] [main] (0x2000): Running with real IDs [0][0]. 885s [p11_child[1853]] [do_card] (0x4000): Module List: 885s [p11_child[1853]] [do_card] (0x4000): common name: [softhsm2]. 885s [p11_child[1853]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1853]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 885s [p11_child[1853]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 885s [p11_child[1853]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1853]] [do_card] (0x4000): Login NOT required. 885s [p11_child[1853]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 885s [p11_child[1853]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 885s [p11_child[1853]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 885s [p11_child[1853]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 885s [p11_child[1853]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 885s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.output 885s + echo '-----BEGIN CERTIFICATE-----' 885s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.output 885s + echo '-----END CERTIFICATE-----' 885s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.pem 885s Certificate: 885s Data: 885s Version: 3 (0x2) 885s Serial Number: 4 (0x4) 885s Signature Algorithm: sha256WithRSAEncryption 885s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 885s Validity 885s Not Before: Jun 14 15:26:59 2024 GMT 885s Not After : Jun 14 15:26:59 2025 GMT 885s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 885s Subject Public Key Info: 885s Public Key Algorithm: rsaEncryption 885s Public-Key: (1024 bit) 885s Modulus: 885s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 885s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 885s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 885s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 885s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 885s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 885s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 885s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 885s 9d:a4:f6:fd:8b:66:b4:5c:ef 885s Exponent: 65537 (0x10001) 885s X509v3 extensions: 885s X509v3 Authority Key Identifier: 885s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 885s X509v3 Basic Constraints: 885s CA:FALSE 885s Netscape Cert Type: 885s SSL Client, S/MIME 885s Netscape Comment: 885s Test Organization Intermediate CA trusted Certificate 885s X509v3 Subject Key Identifier: 885s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 885s X509v3 Key Usage: critical 885s Digital Signature, Non Repudiation, Key Encipherment 885s X509v3 Extended Key Usage: 885s TLS Web Client Authentication, E-mail Protection 885s X509v3 Subject Alternative Name: 885s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 885s Signature Algorithm: sha256WithRSAEncryption 885s Signature Value: 885s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 885s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 885s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 885s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 885s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 885s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 885s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 885s eb:ea 885s + local found_md5 expected_md5 885s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s + expected_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 885s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052.pem 885s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 885s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 885s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.output 885s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.output .output 885s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.pem 885s + echo -n 053350 885s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 885s [p11_child[1861]] [main] (0x0400): p11_child started. 885s [p11_child[1861]] [main] (0x2000): Running in [auth] mode. 885s [p11_child[1861]] [main] (0x2000): Running with effective IDs: [0][0]. 885s [p11_child[1861]] [main] (0x2000): Running with real IDs [0][0]. 885s [p11_child[1861]] [do_card] (0x4000): Module List: 885s [p11_child[1861]] [do_card] (0x4000): common name: [softhsm2]. 885s [p11_child[1861]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1861]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 885s [p11_child[1861]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 885s [p11_child[1861]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 885s [p11_child[1861]] [do_card] (0x4000): Login required. 885s [p11_child[1861]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 885s [p11_child[1861]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 885s [p11_child[1861]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 885s [p11_child[1861]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 885s [p11_child[1861]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 885s [p11_child[1861]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 885s [p11_child[1861]] [do_card] (0x4000): Certificate verified and validated. 885s [p11_child[1861]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 885s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.output 885s + echo '-----BEGIN CERTIFICATE-----' 885s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.output 885s + echo '-----END CERTIFICATE-----' 885s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.pem 885s Certificate: 885s Data: 885s Version: 3 (0x2) 885s Serial Number: 4 (0x4) 885s Signature Algorithm: sha256WithRSAEncryption 885s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 885s Validity 885s Not Before: Jun 14 15:26:59 2024 GMT 885s Not After : Jun 14 15:26:59 2025 GMT 885s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 885s Subject Public Key Info: 885s Public Key Algorithm: rsaEncryption 885s Public-Key: (1024 bit) 885s Modulus: 885s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 885s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 885s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 885s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 885s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 885s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 885s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 885s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 885s 9d:a4:f6:fd:8b:66:b4:5c:ef 885s Exponent: 65537 (0x10001) 885s X509v3 extensions: 885s X509v3 Authority Key Identifier: 885s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 885s X509v3 Basic Constraints: 885s CA:FALSE 885s Netscape Cert Type: 885s SSL Client, S/MIME 885s Netscape Comment: 885s Test Organization Intermediate CA trusted Certificate 885s X509v3 Subject Key Identifier: 885s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 885s X509v3 Key Usage: critical 885s Digital Signature, Non Repudiation, Key Encipherment 885s X509v3 Extended Key Usage: 885s TLS Web Client Authentication, E-mail Protection 885s X509v3 Subject Alternative Name: 885s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 885s Signature Algorithm: sha256WithRSAEncryption 885s Signature Value: 885s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 885s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 885s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 885s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 885s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 885s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 885s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 885s eb:ea 885s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-11052-auth.pem 885s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 885s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 885s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 885s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 885s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 885s + local verify_option=partial_chain 885s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 885s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 885s + local key_cn 885s + local key_name 885s + local tokens_dir 885s + local output_cert_file 885s + token_name= 885s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 885s + key_name=test-intermediate-CA-trusted-certificate-0001 886s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 886s ++ sed -n 's/ *commonName *= //p' 886s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 886s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 886s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 886s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 886s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 886s Test Organization Interme Token 886s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 886s + token_name='Test Organization Interme Token' 886s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 886s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 886s + echo 'Test Organization Interme Token' 886s + '[' -n partial_chain ']' 886s + local verify_arg=--verify=partial_chain 886s + local output_base_name=SSSD-child-18953 886s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.output 886s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.pem 886s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 886s [p11_child[1871]] [main] (0x0400): p11_child started. 886s [p11_child[1871]] [main] (0x2000): Running in [pre-auth] mode. 886s [p11_child[1871]] [main] (0x2000): Running with effective IDs: [0][0]. 886s [p11_child[1871]] [main] (0x2000): Running with real IDs [0][0]. 886s [p11_child[1871]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 886s [p11_child[1871]] [do_card] (0x4000): Module List: 886s [p11_child[1871]] [do_card] (0x4000): common name: [softhsm2]. 886s [p11_child[1871]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 886s [p11_child[1871]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 886s [p11_child[1871]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 886s [p11_child[1871]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 886s [p11_child[1871]] [do_card] (0x4000): Login NOT required. 886s [p11_child[1871]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 886s [p11_child[1871]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 886s [p11_child[1871]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 886s [p11_child[1871]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 886s [p11_child[1871]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 886s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.output 886s + echo '-----BEGIN CERTIFICATE-----' 886s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.output 886s + echo '-----END CERTIFICATE-----' 886s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.pem 886s Certificate: 886s Data: 886s Version: 3 (0x2) 886s Serial Number: 4 (0x4) 886s Signature Algorithm: sha256WithRSAEncryption 886s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 886s Validity 886s Not Before: Jun 14 15:26:59 2024 GMT 886s Not After : Jun 14 15:26:59 2025 GMT 886s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 886s Subject Public Key Info: 886s Public Key Algorithm: rsaEncryption 886s Public-Key: (1024 bit) 886s Modulus: 886s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 886s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 886s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 886s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 886s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 886s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 886s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 886s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 886s 9d:a4:f6:fd:8b:66:b4:5c:ef 886s Exponent: 65537 (0x10001) 886s X509v3 extensions: 886s X509v3 Authority Key Identifier: 886s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 886s X509v3 Basic Constraints: 886s CA:FALSE 886s Netscape Cert Type: 886s SSL Client, S/MIME 886s Netscape Comment: 886s Test Organization Intermediate CA trusted Certificate 886s X509v3 Subject Key Identifier: 886s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 886s X509v3 Key Usage: critical 886s Digital Signature, Non Repudiation, Key Encipherment 886s X509v3 Extended Key Usage: 886s TLS Web Client Authentication, E-mail Protection 886s X509v3 Subject Alternative Name: 886s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 886s Signature Algorithm: sha256WithRSAEncryption 886s Signature Value: 886s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 886s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 886s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 886s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 886s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 886s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 886s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 886s eb:ea 886s + local found_md5 expected_md5 886s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 886s + expected_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 886s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953.pem 886s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 886s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 886s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.output 886s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.output .output 886s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.pem 886s + echo -n 053350 886s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 886s [p11_child[1879]] [main] (0x0400): p11_child started. 886s [p11_child[1879]] [main] (0x2000): Running in [auth] mode. 886s [p11_child[1879]] [main] (0x2000): Running with effective IDs: [0][0]. 886s [p11_child[1879]] [main] (0x2000): Running with real IDs [0][0]. 886s [p11_child[1879]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 886s [p11_child[1879]] [do_card] (0x4000): Module List: 886s [p11_child[1879]] [do_card] (0x4000): common name: [softhsm2]. 886s [p11_child[1879]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 886s [p11_child[1879]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 886s [p11_child[1879]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 886s [p11_child[1879]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 886s [p11_child[1879]] [do_card] (0x4000): Login required. 886s [p11_child[1879]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 886s [p11_child[1879]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 886s [p11_child[1879]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 886s [p11_child[1879]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 886s [p11_child[1879]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 886s [p11_child[1879]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 886s [p11_child[1879]] [do_card] (0x4000): Certificate verified and validated. 886s [p11_child[1879]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 886s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.output 886s + echo '-----BEGIN CERTIFICATE-----' 886s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.output 886s + echo '-----END CERTIFICATE-----' 886s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.pem 886s Certificate: 886s Data: 886s Version: 3 (0x2) 886s Serial Number: 4 (0x4) 886s Signature Algorithm: sha256WithRSAEncryption 886s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 886s Validity 886s Not Before: Jun 14 15:26:59 2024 GMT 886s Not After : Jun 14 15:26:59 2025 GMT 886s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 886s Subject Public Key Info: 886s Public Key Algorithm: rsaEncryption 886s Public-Key: (1024 bit) 886s Modulus: 886s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 886s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 886s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 886s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 886s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 886s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 886s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 886s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 886s 9d:a4:f6:fd:8b:66:b4:5c:ef 886s Exponent: 65537 (0x10001) 886s X509v3 extensions: 886s X509v3 Authority Key Identifier: 886s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 886s X509v3 Basic Constraints: 886s CA:FALSE 886s Netscape Cert Type: 886s SSL Client, S/MIME 886s Netscape Comment: 886s Test Organization Intermediate CA trusted Certificate 886s X509v3 Subject Key Identifier: 886s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 886s X509v3 Key Usage: critical 886s Digital Signature, Non Repudiation, Key Encipherment 886s X509v3 Extended Key Usage: 886s TLS Web Client Authentication, E-mail Protection 886s X509v3 Subject Alternative Name: 886s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 886s Signature Algorithm: sha256WithRSAEncryption 886s Signature Value: 886s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 886s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 886s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 886s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 886s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 886s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 886s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 886s eb:ea 886s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-18953-auth.pem 886s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 886s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 886s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 886s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 886s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 886s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 886s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 886s + local verify_option= 886s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 886s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 886s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 886s + local key_cn 886s + local key_name 886s + local tokens_dir 886s + local output_cert_file 886s + token_name= 886s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 886s + key_name=test-intermediate-CA-trusted-certificate-0001 886s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 886s ++ sed -n 's/ *commonName *= //p' 886s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 886s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 886s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 886s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 886s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 886s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 886s + token_name='Test Organization Interme Token' 886s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 886s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 886s + echo 'Test Organization Interme Token' 886s Test Organization Interme Token 886s + '[' -n '' ']' 886s + local output_base_name=SSSD-child-29399 886s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-29399.output 886s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-29399.pem 886s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 887s [p11_child[1889]] [main] (0x0400): p11_child started. 887s [p11_child[1889]] [main] (0x2000): Running in [pre-auth] mode. 887s [p11_child[1889]] [main] (0x2000): Running with effective IDs: [0][0]. 887s [p11_child[1889]] [main] (0x2000): Running with real IDs [0][0]. 887s [p11_child[1889]] [do_card] (0x4000): Module List: 887s [p11_child[1889]] [do_card] (0x4000): common name: [softhsm2]. 887s [p11_child[1889]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 887s [p11_child[1889]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 887s [p11_child[1889]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 887s [p11_child[1889]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 887s [p11_child[1889]] [do_card] (0x4000): Login NOT required. 887s [p11_child[1889]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 887s [p11_child[1889]] [do_verification] (0x0040): X509_verify_cert failed [0]. 887s [p11_child[1889]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 887s [p11_child[1889]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 887s [p11_child[1889]] [do_card] (0x4000): No certificate found. 887s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-29399.output 887s + return 2 887s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem partial_chain 887s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem partial_chain 887s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 887s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 887s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 887s + local verify_option=partial_chain 887s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7299 887s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 887s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7299 887s + local key_cn 887s + local key_name 887s + local tokens_dir 887s + local output_cert_file 887s + token_name= 887s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem .pem 887s + key_name=test-intermediate-CA-trusted-certificate-0001 887s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 887s ++ sed -n 's/ *commonName *= //p' 887s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 887s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 887s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 887s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 887s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 887s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 887s + token_name='Test Organization Interme Token' 887s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 887s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 887s + echo 'Test Organization Interme Token' 887s Test Organization Interme Token 887s + '[' -n partial_chain ']' 887s + local verify_arg=--verify=partial_chain 887s + local output_base_name=SSSD-child-4472 887s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.output 887s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.pem 887s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem 887s [p11_child[1896]] [main] (0x0400): p11_child started. 887s [p11_child[1896]] [main] (0x2000): Running in [pre-auth] mode. 887s [p11_child[1896]] [main] (0x2000): Running with effective IDs: [0][0]. 887s [p11_child[1896]] [main] (0x2000): Running with real IDs [0][0]. 887s [p11_child[1896]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 887s [p11_child[1896]] [do_card] (0x4000): Module List: 887s [p11_child[1896]] [do_card] (0x4000): common name: [softhsm2]. 887s [p11_child[1896]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 887s [p11_child[1896]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 887s [p11_child[1896]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 887s [p11_child[1896]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 887s [p11_child[1896]] [do_card] (0x4000): Login NOT required. 887s [p11_child[1896]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 887s [p11_child[1896]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 887s [p11_child[1896]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 887s [p11_child[1896]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 887s [p11_child[1896]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 887s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.output 887s + echo '-----BEGIN CERTIFICATE-----' 887s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.output 887s + echo '-----END CERTIFICATE-----' 887s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.pem 887s Certificate: 887s Data: 887s Version: 3 (0x2) 887s Serial Number: 4 (0x4) 887s Signature Algorithm: sha256WithRSAEncryption 887s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 887s Validity 887s Not Before: Jun 14 15:26:59 2024 GMT 887s Not After : Jun 14 15:26:59 2025 GMT 887s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 887s Subject Public Key Info: 887s Public Key Algorithm: rsaEncryption 887s Public-Key: (1024 bit) 887s Modulus: 887s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 887s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 887s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 887s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 887s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 887s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 887s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 887s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 887s 9d:a4:f6:fd:8b:66:b4:5c:ef 887s Exponent: 65537 (0x10001) 887s X509v3 extensions: 887s X509v3 Authority Key Identifier: 887s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 887s X509v3 Basic Constraints: 887s CA:FALSE 887s Netscape Cert Type: 887s SSL Client, S/MIME 887s Netscape Comment: 887s Test Organization Intermediate CA trusted Certificate 887s X509v3 Subject Key Identifier: 887s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 887s X509v3 Key Usage: critical 887s Digital Signature, Non Repudiation, Key Encipherment 887s X509v3 Extended Key Usage: 887s TLS Web Client Authentication, E-mail Protection 887s X509v3 Subject Alternative Name: 887s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 887s Signature Algorithm: sha256WithRSAEncryption 887s Signature Value: 887s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 887s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 887s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 887s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 887s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 887s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 887s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 887s eb:ea 887s + local found_md5 expected_md5 887s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA-trusted-certificate-0001.pem 887s + expected_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 887s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472.pem 888s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 888s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 888s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.output 888s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.output .output 888s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.pem 888s + echo -n 053350 888s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 888s [p11_child[1904]] [main] (0x0400): p11_child started. 888s [p11_child[1904]] [main] (0x2000): Running in [auth] mode. 888s [p11_child[1904]] [main] (0x2000): Running with effective IDs: [0][0]. 888s [p11_child[1904]] [main] (0x2000): Running with real IDs [0][0]. 888s [p11_child[1904]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 888s [p11_child[1904]] [do_card] (0x4000): Module List: 888s [p11_child[1904]] [do_card] (0x4000): common name: [softhsm2]. 888s [p11_child[1904]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 888s [p11_child[1904]] [do_card] (0x4000): Description [SoftHSM slot ID 0x218c88b8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 888s [p11_child[1904]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 888s [p11_child[1904]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x218c88b8][562858168] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 888s [p11_child[1904]] [do_card] (0x4000): Login required. 888s [p11_child[1904]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 888s [p11_child[1904]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 888s [p11_child[1904]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 888s [p11_child[1904]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x218c88b8;slot-manufacturer=SoftHSM%20project;slot-id=562858168;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fe5765baa18c88b8;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 888s [p11_child[1904]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 888s [p11_child[1904]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 888s [p11_child[1904]] [do_card] (0x4000): Certificate verified and validated. 888s [p11_child[1904]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 888s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.output 888s + echo '-----BEGIN CERTIFICATE-----' 888s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.output 888s + echo '-----END CERTIFICATE-----' 888s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.pem 888s Certificate: 888s Data: 888s Version: 3 (0x2) 888s Serial Number: 4 (0x4) 888s Signature Algorithm: sha256WithRSAEncryption 888s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 888s Validity 888s Not Before: Jun 14 15:26:59 2024 GMT 888s Not After : Jun 14 15:26:59 2025 GMT 888s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 888s Subject Public Key Info: 888s Public Key Algorithm: rsaEncryption 888s Public-Key: (1024 bit) 888s Modulus: 888s 00:e1:2f:b5:7e:97:d5:0a:c6:bd:b7:de:c7:8f:b1: 888s 38:b9:2b:e4:2f:0f:f3:ca:04:e6:8a:b7:38:cc:16: 888s 67:34:60:09:8c:33:53:52:37:fd:55:04:31:9f:31: 888s 89:8d:e2:16:99:b9:a3:c5:b4:46:fa:32:7d:64:ec: 888s 68:2e:44:20:c1:c7:79:47:72:46:e4:13:b0:8a:a8: 888s 9b:0d:75:be:bb:df:2a:26:2e:2b:3c:d5:1f:bc:50: 888s 0d:0e:55:08:de:9f:e8:6f:57:f9:7f:b5:5b:c8:be: 888s 8d:0c:1b:e6:d3:16:1a:be:45:99:8e:f6:22:a1:c1: 888s 9d:a4:f6:fd:8b:66:b4:5c:ef 888s Exponent: 65537 (0x10001) 888s X509v3 extensions: 888s X509v3 Authority Key Identifier: 888s 74:DB:20:B8:73:6A:1F:F1:BE:B0:66:9E:8F:CB:63:37:BE:39:06:B3 888s X509v3 Basic Constraints: 888s CA:FALSE 888s Netscape Cert Type: 888s SSL Client, S/MIME 888s Netscape Comment: 888s Test Organization Intermediate CA trusted Certificate 888s X509v3 Subject Key Identifier: 888s 39:B7:A8:C9:CC:72:65:EB:76:88:2B:BE:1A:60:F5:DB:0C:90:00:F5 888s X509v3 Key Usage: critical 888s Digital Signature, Non Repudiation, Key Encipherment 888s X509v3 Extended Key Usage: 888s TLS Web Client Authentication, E-mail Protection 888s X509v3 Subject Alternative Name: 888s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 888s Signature Algorithm: sha256WithRSAEncryption 888s Signature Value: 888s 70:26:fe:fc:01:7e:83:52:f7:60:f6:17:4a:72:a0:86:40:95: 888s 18:55:7c:f6:89:18:c4:fa:f5:4e:40:0b:88:f0:a1:d3:5e:be: 888s 65:7f:1f:3d:16:81:89:b9:2e:7e:97:ab:b4:83:40:fc:43:b3: 888s 15:c6:5f:ec:a1:61:d3:25:3b:91:0a:5e:1a:a0:27:da:95:2a: 888s 40:7f:2f:9a:82:7f:cd:12:06:5b:21:ae:8e:5c:18:7d:11:58: 888s 96:69:7d:ce:fd:a2:13:fb:d5:aa:63:20:f1:c2:da:5b:5b:18: 888s 6e:76:ca:1a:e3:9d:1c:7c:6a:c6:ab:f4:47:d1:62:f7:a2:28: 888s eb:ea 888s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4472-auth.pem 888s + found_md5=Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF 888s + '[' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF '!=' Modulus=E12FB57E97D50AC6BDB7DEC78FB138B92BE42F0FF3CA04E68AB738CC16673460098C33535237FD5504319F31898DE21699B9A3C5B446FA327D64EC682E4420C1C779477246E413B08AA89B0D75BEBBDF2A262E2B3CD51FBC500D0E5508DE9FE86F57F97FB55BC8BE8D0C1BE6D3161ABE45998EF622A1C19DA4F6FD8B66B45CEF ']' 888s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 888s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 888s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 888s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 888s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 888s + local verify_option= 888s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 888s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 888s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 888s + local key_cn 888s + local key_name 888s + local tokens_dir 888s + local output_cert_file 888s + token_name= 888s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 888s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 888s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 888s ++ sed -n 's/ *commonName *= //p' 888s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 888s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 888s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 888s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 888s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 888s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 888s + token_name='Test Organization Sub Int Token' 888s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 888s + local key_file 888s + local decrypted_key 888s + mkdir -p /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 888s + key_file=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 888s + decrypted_key=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 888s + cat 888s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 888s Slot 0 has a free/uninitialized token. 888s The token has been initialized and is reassigned to slot 1085924201 888s + softhsm2-util --show-slots 888s Available slots: 888s Slot 1085924201 888s Slot info: 888s Description: SoftHSM slot ID 0x40b9e369 888s Manufacturer ID: SoftHSM project 888s Hardware version: 2.6 888s Firmware version: 2.6 888s Token present: yes 888s Token info: 888s Manufacturer ID: SoftHSM project 888s Model: SoftHSM v2 888s Hardware version: 2.6 888s Firmware version: 2.6 888s Serial number: cfa3586d40b9e369 888s Initialized: yes 888s User PIN init.: yes 888s Label: Test Organization Sub Int Token 888s Slot 1 888s Slot info: 888s Description: SoftHSM slot ID 0x1 888s Manufacturer ID: SoftHSM project 888s Hardware version: 2.6 888s Firmware version: 2.6 888s Token present: yes 888s Token info: 888s Manufacturer ID: SoftHSM project 888s Model: SoftHSM v2 888s Hardware version: 2.6 888s Firmware version: 2.6 888s Serial number: 888s Initialized: no 888s User PIN init.: no 888s Label: 888s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 888s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-4402 -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 888s writing RSA key 888s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 888s + rm /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 888s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 889s Object 0: 889s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 889s Type: X.509 Certificate (RSA-1024) 889s Expires: Sat Jun 14 15:27:00 2025 889s Label: Test Organization Sub Intermediate Trusted Certificate 0001 889s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 889s 889s + echo 'Test Organization Sub Int Token' 889s Test Organization Sub Int Token 889s + '[' -n '' ']' 889s + local output_base_name=SSSD-child-16996 889s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-16996.output 889s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-16996.pem 889s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 889s [p11_child[1923]] [main] (0x0400): p11_child started. 889s [p11_child[1923]] [main] (0x2000): Running in [pre-auth] mode. 889s [p11_child[1923]] [main] (0x2000): Running with effective IDs: [0][0]. 889s [p11_child[1923]] [main] (0x2000): Running with real IDs [0][0]. 889s [p11_child[1923]] [do_card] (0x4000): Module List: 889s [p11_child[1923]] [do_card] (0x4000): common name: [softhsm2]. 889s [p11_child[1923]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1923]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 889s [p11_child[1923]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 889s [p11_child[1923]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1923]] [do_card] (0x4000): Login NOT required. 889s [p11_child[1923]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 889s [p11_child[1923]] [do_verification] (0x0040): X509_verify_cert failed [0]. 889s [p11_child[1923]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 889s [p11_child[1923]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 889s [p11_child[1923]] [do_card] (0x4000): No certificate found. 889s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-16996.output 889s + return 2 889s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 889s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem partial_chain 889s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 889s + local verify_option=partial_chain 889s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local key_cn 889s + local key_name 889s + local tokens_dir 889s + local output_cert_file 889s + token_name= 889s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 889s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 889s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s ++ sed -n 's/ *commonName *= //p' 889s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 889s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 889s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 889s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 889s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 889s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 889s + token_name='Test Organization Sub Int Token' 889s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 889s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 889s + echo 'Test Organization Sub Int Token' 889s Test Organization Sub Int Token 889s + '[' -n partial_chain ']' 889s + local verify_arg=--verify=partial_chain 889s + local output_base_name=SSSD-child-22901 889s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-22901.output 889s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-22901.pem 889s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-CA.pem 889s [p11_child[1930]] [main] (0x0400): p11_child started. 889s [p11_child[1930]] [main] (0x2000): Running in [pre-auth] mode. 889s [p11_child[1930]] [main] (0x2000): Running with effective IDs: [0][0]. 889s [p11_child[1930]] [main] (0x2000): Running with real IDs [0][0]. 889s [p11_child[1930]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 889s [p11_child[1930]] [do_card] (0x4000): Module List: 889s [p11_child[1930]] [do_card] (0x4000): common name: [softhsm2]. 889s [p11_child[1930]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1930]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 889s [p11_child[1930]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 889s [p11_child[1930]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1930]] [do_card] (0x4000): Login NOT required. 889s [p11_child[1930]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 889s [p11_child[1930]] [do_verification] (0x0040): X509_verify_cert failed [0]. 889s [p11_child[1930]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 889s [p11_child[1930]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 889s [p11_child[1930]] [do_card] (0x4000): No certificate found. 889s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-22901.output 889s + return 2 889s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 889s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 889s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 889s + local verify_option= 889s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 889s + local key_cn 889s + local key_name 889s + local tokens_dir 889s + local output_cert_file 889s + token_name= 889s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 889s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 889s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s ++ sed -n 's/ *commonName *= //p' 889s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 889s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 889s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 889s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 889s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 889s Test Organization Sub Int Token 889s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 889s + token_name='Test Organization Sub Int Token' 889s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 889s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 889s + echo 'Test Organization Sub Int Token' 889s + '[' -n '' ']' 889s + local output_base_name=SSSD-child-4760 889s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.output 889s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.pem 889s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 889s [p11_child[1937]] [main] (0x0400): p11_child started. 889s [p11_child[1937]] [main] (0x2000): Running in [pre-auth] mode. 889s [p11_child[1937]] [main] (0x2000): Running with effective IDs: [0][0]. 889s [p11_child[1937]] [main] (0x2000): Running with real IDs [0][0]. 889s [p11_child[1937]] [do_card] (0x4000): Module List: 889s [p11_child[1937]] [do_card] (0x4000): common name: [softhsm2]. 889s [p11_child[1937]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1937]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 889s [p11_child[1937]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 889s [p11_child[1937]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1937]] [do_card] (0x4000): Login NOT required. 889s [p11_child[1937]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 889s [p11_child[1937]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 889s [p11_child[1937]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 889s [p11_child[1937]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 889s [p11_child[1937]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 889s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.output 889s + echo '-----BEGIN CERTIFICATE-----' 889s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.output 889s + echo '-----END CERTIFICATE-----' 889s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.pem 889s Certificate: 889s Data: 889s Version: 3 (0x2) 889s Serial Number: 5 (0x5) 889s Signature Algorithm: sha256WithRSAEncryption 889s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 889s Validity 889s Not Before: Jun 14 15:27:00 2024 GMT 889s Not After : Jun 14 15:27:00 2025 GMT 889s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 889s Subject Public Key Info: 889s Public Key Algorithm: rsaEncryption 889s Public-Key: (1024 bit) 889s Modulus: 889s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 889s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 889s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 889s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 889s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 889s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 889s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 889s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 889s df:8e:99:e7:46:14:4e:0e:d1 889s Exponent: 65537 (0x10001) 889s X509v3 extensions: 889s X509v3 Authority Key Identifier: 889s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 889s X509v3 Basic Constraints: 889s CA:FALSE 889s Netscape Cert Type: 889s SSL Client, S/MIME 889s Netscape Comment: 889s Test Organization Sub Intermediate CA trusted Certificate 889s X509v3 Subject Key Identifier: 889s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 889s X509v3 Key Usage: critical 889s Digital Signature, Non Repudiation, Key Encipherment 889s X509v3 Extended Key Usage: 889s TLS Web Client Authentication, E-mail Protection 889s X509v3 Subject Alternative Name: 889s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 889s Signature Algorithm: sha256WithRSAEncryption 889s Signature Value: 889s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 889s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 889s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 889s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 889s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 889s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 889s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 889s 43:de 889s + local found_md5 expected_md5 889s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 889s + expected_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 889s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760.pem 889s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 889s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 889s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.output 889s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.output .output 889s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.pem 889s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 889s + echo -n 053350 889s [p11_child[1945]] [main] (0x0400): p11_child started. 889s [p11_child[1945]] [main] (0x2000): Running in [auth] mode. 889s [p11_child[1945]] [main] (0x2000): Running with effective IDs: [0][0]. 889s [p11_child[1945]] [main] (0x2000): Running with real IDs [0][0]. 889s [p11_child[1945]] [do_card] (0x4000): Module List: 889s [p11_child[1945]] [do_card] (0x4000): common name: [softhsm2]. 889s [p11_child[1945]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1945]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 889s [p11_child[1945]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 889s [p11_child[1945]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 889s [p11_child[1945]] [do_card] (0x4000): Login required. 889s [p11_child[1945]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 889s [p11_child[1945]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 889s [p11_child[1945]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 889s [p11_child[1945]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 889s [p11_child[1945]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 889s [p11_child[1945]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 889s [p11_child[1945]] [do_card] (0x4000): Certificate verified and validated. 889s [p11_child[1945]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 889s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.output 889s + echo '-----BEGIN CERTIFICATE-----' 889s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.output 889s + echo '-----END CERTIFICATE-----' 889s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.pem 889s Certificate: 889s Data: 889s Version: 3 (0x2) 889s Serial Number: 5 (0x5) 889s Signature Algorithm: sha256WithRSAEncryption 889s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 889s Validity 889s Not Before: Jun 14 15:27:00 2024 GMT 889s Not After : Jun 14 15:27:00 2025 GMT 889s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 889s Subject Public Key Info: 889s Public Key Algorithm: rsaEncryption 889s Public-Key: (1024 bit) 889s Modulus: 889s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 889s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 889s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 889s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 889s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 889s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 889s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 889s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 889s df:8e:99:e7:46:14:4e:0e:d1 889s Exponent: 65537 (0x10001) 889s X509v3 extensions: 889s X509v3 Authority Key Identifier: 889s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 889s X509v3 Basic Constraints: 889s CA:FALSE 889s Netscape Cert Type: 889s SSL Client, S/MIME 889s Netscape Comment: 889s Test Organization Sub Intermediate CA trusted Certificate 889s X509v3 Subject Key Identifier: 889s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 889s X509v3 Key Usage: critical 889s Digital Signature, Non Repudiation, Key Encipherment 889s X509v3 Extended Key Usage: 889s TLS Web Client Authentication, E-mail Protection 889s X509v3 Subject Alternative Name: 889s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 889s Signature Algorithm: sha256WithRSAEncryption 889s Signature Value: 889s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 889s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 889s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 889s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 889s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 889s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 889s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 889s 43:de 889s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-4760-auth.pem 890s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 890s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 890s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem partial_chain 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 890s + local verify_option=partial_chain 890s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_cn 890s + local key_name 890s + local tokens_dir 890s + local output_cert_file 890s + token_name= 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 890s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 890s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s ++ sed -n 's/ *commonName *= //p' 890s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 890s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 890s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 890s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 890s + token_name='Test Organization Sub Int Token' 890s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 890s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 890s + echo 'Test Organization Sub Int Token' 890s Test Organization Sub Int Token 890s + '[' -n partial_chain ']' 890s + local verify_arg=--verify=partial_chain 890s + local output_base_name=SSSD-child-21586 890s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.output 890s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.pem 890s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem 890s [p11_child[1955]] [main] (0x0400): p11_child started. 890s [p11_child[1955]] [main] (0x2000): Running in [pre-auth] mode. 890s [p11_child[1955]] [main] (0x2000): Running with effective IDs: [0][0]. 890s [p11_child[1955]] [main] (0x2000): Running with real IDs [0][0]. 890s [p11_child[1955]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 890s [p11_child[1955]] [do_card] (0x4000): Module List: 890s [p11_child[1955]] [do_card] (0x4000): common name: [softhsm2]. 890s [p11_child[1955]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1955]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 890s [p11_child[1955]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 890s [p11_child[1955]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1955]] [do_card] (0x4000): Login NOT required. 890s [p11_child[1955]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 890s [p11_child[1955]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 890s [p11_child[1955]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 890s [p11_child[1955]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 890s [p11_child[1955]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 890s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.output 890s + echo '-----BEGIN CERTIFICATE-----' 890s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.output 890s + echo '-----END CERTIFICATE-----' 890s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.pem 890s Certificate: 890s Data: 890s Version: 3 (0x2) 890s Serial Number: 5 (0x5) 890s Signature Algorithm: sha256WithRSAEncryption 890s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 890s Validity 890s Not Before: Jun 14 15:27:00 2024 GMT 890s Not After : Jun 14 15:27:00 2025 GMT 890s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 890s Subject Public Key Info: 890s Public Key Algorithm: rsaEncryption 890s Public-Key: (1024 bit) 890s Modulus: 890s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 890s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 890s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 890s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 890s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 890s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 890s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 890s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 890s df:8e:99:e7:46:14:4e:0e:d1 890s Exponent: 65537 (0x10001) 890s X509v3 extensions: 890s X509v3 Authority Key Identifier: 890s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 890s X509v3 Basic Constraints: 890s CA:FALSE 890s Netscape Cert Type: 890s SSL Client, S/MIME 890s Netscape Comment: 890s Test Organization Sub Intermediate CA trusted Certificate 890s X509v3 Subject Key Identifier: 890s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 890s X509v3 Key Usage: critical 890s Digital Signature, Non Repudiation, Key Encipherment 890s X509v3 Extended Key Usage: 890s TLS Web Client Authentication, E-mail Protection 890s X509v3 Subject Alternative Name: 890s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 890s Signature Algorithm: sha256WithRSAEncryption 890s Signature Value: 890s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 890s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 890s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 890s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 890s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 890s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 890s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 890s 43:de 890s + local found_md5 expected_md5 890s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + expected_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586.pem 890s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 890s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.output 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.output .output 890s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.pem 890s + echo -n 053350 890s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 890s [p11_child[1963]] [main] (0x0400): p11_child started. 890s [p11_child[1963]] [main] (0x2000): Running in [auth] mode. 890s [p11_child[1963]] [main] (0x2000): Running with effective IDs: [0][0]. 890s [p11_child[1963]] [main] (0x2000): Running with real IDs [0][0]. 890s [p11_child[1963]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 890s [p11_child[1963]] [do_card] (0x4000): Module List: 890s [p11_child[1963]] [do_card] (0x4000): common name: [softhsm2]. 890s [p11_child[1963]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1963]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 890s [p11_child[1963]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 890s [p11_child[1963]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1963]] [do_card] (0x4000): Login required. 890s [p11_child[1963]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 890s [p11_child[1963]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 890s [p11_child[1963]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 890s [p11_child[1963]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 890s [p11_child[1963]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 890s [p11_child[1963]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 890s [p11_child[1963]] [do_card] (0x4000): Certificate verified and validated. 890s [p11_child[1963]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 890s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.output 890s + echo '-----BEGIN CERTIFICATE-----' 890s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.output 890s + echo '-----END CERTIFICATE-----' 890s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.pem 890s Certificate: 890s Data: 890s Version: 3 (0x2) 890s Serial Number: 5 (0x5) 890s Signature Algorithm: sha256WithRSAEncryption 890s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 890s Validity 890s Not Before: Jun 14 15:27:00 2024 GMT 890s Not After : Jun 14 15:27:00 2025 GMT 890s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 890s Subject Public Key Info: 890s Public Key Algorithm: rsaEncryption 890s Public-Key: (1024 bit) 890s Modulus: 890s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 890s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 890s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 890s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 890s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 890s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 890s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 890s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 890s df:8e:99:e7:46:14:4e:0e:d1 890s Exponent: 65537 (0x10001) 890s X509v3 extensions: 890s X509v3 Authority Key Identifier: 890s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 890s X509v3 Basic Constraints: 890s CA:FALSE 890s Netscape Cert Type: 890s SSL Client, S/MIME 890s Netscape Comment: 890s Test Organization Sub Intermediate CA trusted Certificate 890s X509v3 Subject Key Identifier: 890s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 890s X509v3 Key Usage: critical 890s Digital Signature, Non Repudiation, Key Encipherment 890s X509v3 Extended Key Usage: 890s TLS Web Client Authentication, E-mail Protection 890s X509v3 Subject Alternative Name: 890s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 890s Signature Algorithm: sha256WithRSAEncryption 890s Signature Value: 890s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 890s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 890s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 890s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 890s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 890s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 890s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 890s 43:de 890s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-21586-auth.pem 890s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 890s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s + local verify_option= 890s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_cn 890s + local key_name 890s + local tokens_dir 890s + local output_cert_file 890s + token_name= 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 890s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 890s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s ++ sed -n 's/ *commonName *= //p' 890s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 890s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 890s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 890s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 890s + token_name='Test Organization Sub Int Token' 890s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 890s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 890s + echo 'Test Organization Sub Int Token' 890s Test Organization Sub Int Token 890s + '[' -n '' ']' 890s + local output_base_name=SSSD-child-25481 890s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25481.output 890s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-25481.pem 890s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s [p11_child[1973]] [main] (0x0400): p11_child started. 890s [p11_child[1973]] [main] (0x2000): Running in [pre-auth] mode. 890s [p11_child[1973]] [main] (0x2000): Running with effective IDs: [0][0]. 890s [p11_child[1973]] [main] (0x2000): Running with real IDs [0][0]. 890s [p11_child[1973]] [do_card] (0x4000): Module List: 890s [p11_child[1973]] [do_card] (0x4000): common name: [softhsm2]. 890s [p11_child[1973]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1973]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 890s [p11_child[1973]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 890s [p11_child[1973]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1973]] [do_card] (0x4000): Login NOT required. 890s [p11_child[1973]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 890s [p11_child[1973]] [do_verification] (0x0040): X509_verify_cert failed [0]. 890s [p11_child[1973]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 890s [p11_child[1973]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 890s [p11_child[1973]] [do_card] (0x4000): No certificate found. 890s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-25481.output 890s + return 2 890s + invalid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem partial_chain 890s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem partial_chain 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem 890s + local verify_option=partial_chain 890s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_cn 890s + local key_name 890s + local tokens_dir 890s + local output_cert_file 890s + token_name= 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 890s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 890s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s ++ sed -n 's/ *commonName *= //p' 890s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 890s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 890s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 890s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 890s + token_name='Test Organization Sub Int Token' 890s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 890s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 890s + echo 'Test Organization Sub Int Token' 890s + '[' -n partial_chain ']' 890s Test Organization Sub Int Token 890s + local verify_arg=--verify=partial_chain 890s + local output_base_name=SSSD-child-9635 890s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-9635.output 890s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-9635.pem 890s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-root-intermediate-chain-CA.pem 890s [p11_child[1980]] [main] (0x0400): p11_child started. 890s [p11_child[1980]] [main] (0x2000): Running in [pre-auth] mode. 890s [p11_child[1980]] [main] (0x2000): Running with effective IDs: [0][0]. 890s [p11_child[1980]] [main] (0x2000): Running with real IDs [0][0]. 890s [p11_child[1980]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 890s [p11_child[1980]] [do_card] (0x4000): Module List: 890s [p11_child[1980]] [do_card] (0x4000): common name: [softhsm2]. 890s [p11_child[1980]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1980]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 890s [p11_child[1980]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 890s [p11_child[1980]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1980]] [do_card] (0x4000): Login NOT required. 890s [p11_child[1980]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 890s [p11_child[1980]] [do_verification] (0x0040): X509_verify_cert failed [0]. 890s [p11_child[1980]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 890s [p11_child[1980]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 890s [p11_child[1980]] [do_card] (0x4000): No certificate found. 890s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-9635.output 890s + return 2 890s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem partial_chain 890s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem partial_chain 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s + local verify_option=partial_chain 890s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 890s + local key_cn 890s + local key_name 890s + local tokens_dir 890s + local output_cert_file 890s + token_name= 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 890s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 890s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s ++ sed -n 's/ *commonName *= //p' 890s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 890s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 890s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 890s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 890s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 890s + token_name='Test Organization Sub Int Token' 890s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 890s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 890s + echo 'Test Organization Sub Int Token' 890s + '[' -n partial_chain ']' 890s + local verify_arg=--verify=partial_chain 890s + local output_base_name=SSSD-child-10443 890s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.output 890s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.pem 890s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem 890s Test Organization Sub Int Token 890s [p11_child[1987]] [main] (0x0400): p11_child started. 890s [p11_child[1987]] [main] (0x2000): Running in [pre-auth] mode. 890s [p11_child[1987]] [main] (0x2000): Running with effective IDs: [0][0]. 890s [p11_child[1987]] [main] (0x2000): Running with real IDs [0][0]. 890s [p11_child[1987]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 890s [p11_child[1987]] [do_card] (0x4000): Module List: 890s [p11_child[1987]] [do_card] (0x4000): common name: [softhsm2]. 890s [p11_child[1987]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1987]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 890s [p11_child[1987]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 890s [p11_child[1987]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 890s [p11_child[1987]] [do_card] (0x4000): Login NOT required. 890s [p11_child[1987]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 890s [p11_child[1987]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 890s [p11_child[1987]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 890s [p11_child[1987]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 890s [p11_child[1987]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 890s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.output 890s + echo '-----BEGIN CERTIFICATE-----' 890s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.output 890s + echo '-----END CERTIFICATE-----' 890s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.pem 890s Certificate: 890s Data: 890s Version: 3 (0x2) 890s Serial Number: 5 (0x5) 890s Signature Algorithm: sha256WithRSAEncryption 890s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 890s Validity 890s Not Before: Jun 14 15:27:00 2024 GMT 890s Not After : Jun 14 15:27:00 2025 GMT 890s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 890s Subject Public Key Info: 890s Public Key Algorithm: rsaEncryption 890s Public-Key: (1024 bit) 890s Modulus: 890s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 890s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 890s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 890s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 890s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 890s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 890s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 890s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 890s df:8e:99:e7:46:14:4e:0e:d1 890s Exponent: 65537 (0x10001) 890s X509v3 extensions: 890s X509v3 Authority Key Identifier: 890s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 890s X509v3 Basic Constraints: 890s CA:FALSE 890s Netscape Cert Type: 890s SSL Client, S/MIME 890s Netscape Comment: 890s Test Organization Sub Intermediate CA trusted Certificate 890s X509v3 Subject Key Identifier: 890s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 890s X509v3 Key Usage: critical 890s Digital Signature, Non Repudiation, Key Encipherment 890s X509v3 Extended Key Usage: 890s TLS Web Client Authentication, E-mail Protection 890s X509v3 Subject Alternative Name: 890s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 890s Signature Algorithm: sha256WithRSAEncryption 890s Signature Value: 890s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 890s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 890s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 890s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 890s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 890s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 890s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 890s 43:de 890s + local found_md5 expected_md5 890s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 890s + expected_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443.pem 890s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 890s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 890s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.output 891s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.output .output 891s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.pem 891s + echo -n 053350 891s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 891s [p11_child[1995]] [main] (0x0400): p11_child started. 891s [p11_child[1995]] [main] (0x2000): Running in [auth] mode. 891s [p11_child[1995]] [main] (0x2000): Running with effective IDs: [0][0]. 891s [p11_child[1995]] [main] (0x2000): Running with real IDs [0][0]. 891s [p11_child[1995]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 891s [p11_child[1995]] [do_card] (0x4000): Module List: 891s [p11_child[1995]] [do_card] (0x4000): common name: [softhsm2]. 891s [p11_child[1995]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[1995]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 891s [p11_child[1995]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 891s [p11_child[1995]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[1995]] [do_card] (0x4000): Login required. 891s [p11_child[1995]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 891s [p11_child[1995]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 891s [p11_child[1995]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 891s [p11_child[1995]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 891s [p11_child[1995]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 891s [p11_child[1995]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 891s [p11_child[1995]] [do_card] (0x4000): Certificate verified and validated. 891s [p11_child[1995]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 891s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.output 891s + echo '-----BEGIN CERTIFICATE-----' 891s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.output 891s + echo '-----END CERTIFICATE-----' 891s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.pem 891s Certificate: 891s Data: 891s Version: 3 (0x2) 891s Serial Number: 5 (0x5) 891s Signature Algorithm: sha256WithRSAEncryption 891s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 891s Validity 891s Not Before: Jun 14 15:27:00 2024 GMT 891s Not After : Jun 14 15:27:00 2025 GMT 891s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 891s Subject Public Key Info: 891s Public Key Algorithm: rsaEncryption 891s Public-Key: (1024 bit) 891s Modulus: 891s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 891s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 891s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 891s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 891s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 891s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 891s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 891s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 891s df:8e:99:e7:46:14:4e:0e:d1 891s Exponent: 65537 (0x10001) 891s X509v3 extensions: 891s X509v3 Authority Key Identifier: 891s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 891s X509v3 Basic Constraints: 891s CA:FALSE 891s Netscape Cert Type: 891s SSL Client, S/MIME 891s Netscape Comment: 891s Test Organization Sub Intermediate CA trusted Certificate 891s X509v3 Subject Key Identifier: 891s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 891s X509v3 Key Usage: critical 891s Digital Signature, Non Repudiation, Key Encipherment 891s X509v3 Extended Key Usage: 891s TLS Web Client Authentication, E-mail Protection 891s X509v3 Subject Alternative Name: 891s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 891s Signature Algorithm: sha256WithRSAEncryption 891s Signature Value: 891s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 891s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 891s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 891s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 891s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 891s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 891s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 891s 43:de 891s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-10443-auth.pem 891s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 891s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 891s + valid_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-sub-chain-CA.pem partial_chain 891s + check_certificate /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 /tmp/sssd-softhsm2-EJdWyP/test-intermediate-sub-chain-CA.pem partial_chain 891s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 891s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 891s + local key_ring=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-sub-chain-CA.pem 891s + local verify_option=partial_chain 891s + prepare_softhsm2_card /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4402 891s + local certificate=/tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 891s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4402 891s + local key_cn 891s + local key_name 891s + local tokens_dir 891s + local output_cert_file 891s + token_name= 891s ++ basename /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 891s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 891s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 891s ++ sed -n 's/ *commonName *= //p' 891s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 891s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 891s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 891s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 891s ++ basename /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 891s + tokens_dir=/tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 891s + token_name='Test Organization Sub Int Token' 891s + '[' '!' -e /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 891s + '[' '!' -d /tmp/sssd-softhsm2-EJdWyP/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 891s + echo 'Test Organization Sub Int Token' 891s Test Organization Sub Int Token 891s + '[' -n partial_chain ']' 891s + local verify_arg=--verify=partial_chain 891s + local output_base_name=SSSD-child-14747 891s + local output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.output 891s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.pem 891s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-sub-chain-CA.pem 891s [p11_child[2005]] [main] (0x0400): p11_child started. 891s [p11_child[2005]] [main] (0x2000): Running in [pre-auth] mode. 891s [p11_child[2005]] [main] (0x2000): Running with effective IDs: [0][0]. 891s [p11_child[2005]] [main] (0x2000): Running with real IDs [0][0]. 891s [p11_child[2005]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 891s [p11_child[2005]] [do_card] (0x4000): Module List: 891s [p11_child[2005]] [do_card] (0x4000): common name: [softhsm2]. 891s [p11_child[2005]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[2005]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 891s [p11_child[2005]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 891s [p11_child[2005]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[2005]] [do_card] (0x4000): Login NOT required. 891s [p11_child[2005]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 891s [p11_child[2005]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 891s [p11_child[2005]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 891s [p11_child[2005]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 891s [p11_child[2005]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 891s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.output 891s + echo '-----BEGIN CERTIFICATE-----' 891s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.output 891s + echo '-----END CERTIFICATE-----' 891s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.pem 891s + local found_md5 expected_md5 891s Certificate: 891s Data: 891s Version: 3 (0x2) 891s Serial Number: 5 (0x5) 891s Signature Algorithm: sha256WithRSAEncryption 891s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 891s Validity 891s Not Before: Jun 14 15:27:00 2024 GMT 891s Not After : Jun 14 15:27:00 2025 GMT 891s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 891s Subject Public Key Info: 891s Public Key Algorithm: rsaEncryption 891s Public-Key: (1024 bit) 891s Modulus: 891s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 891s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 891s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 891s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 891s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 891s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 891s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 891s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 891s df:8e:99:e7:46:14:4e:0e:d1 891s Exponent: 65537 (0x10001) 891s X509v3 extensions: 891s X509v3 Authority Key Identifier: 891s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 891s X509v3 Basic Constraints: 891s CA:FALSE 891s Netscape Cert Type: 891s SSL Client, S/MIME 891s Netscape Comment: 891s Test Organization Sub Intermediate CA trusted Certificate 891s X509v3 Subject Key Identifier: 891s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 891s X509v3 Key Usage: critical 891s Digital Signature, Non Repudiation, Key Encipherment 891s X509v3 Extended Key Usage: 891s TLS Web Client Authentication, E-mail Protection 891s X509v3 Subject Alternative Name: 891s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 891s Signature Algorithm: sha256WithRSAEncryption 891s Signature Value: 891s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 891s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 891s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 891s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 891s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 891s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 891s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 891s 43:de 891s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/test-sub-intermediate-CA-trusted-certificate-0001.pem 891s + expected_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 891s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747.pem 891s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 891s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 891s + output_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.output 891s ++ basename /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.output .output 891s + output_cert_file=/tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.pem 891s + echo -n 053350 891s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-EJdWyP/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 891s [p11_child[2013]] [main] (0x0400): p11_child started. 891s [p11_child[2013]] [main] (0x2000): Running in [auth] mode. 891s [p11_child[2013]] [main] (0x2000): Running with effective IDs: [0][0]. 891s [p11_child[2013]] [main] (0x2000): Running with real IDs [0][0]. 891s [p11_child[2013]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 891s [p11_child[2013]] [do_card] (0x4000): Module List: 891s [p11_child[2013]] [do_card] (0x4000): common name: [softhsm2]. 891s [p11_child[2013]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[2013]] [do_card] (0x4000): Description [SoftHSM slot ID 0x40b9e369] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 891s [p11_child[2013]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 891s [p11_child[2013]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x40b9e369][1085924201] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 891s [p11_child[2013]] [do_card] (0x4000): Login required. 891s [p11_child[2013]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 891s [p11_child[2013]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 891s [p11_child[2013]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 891s [p11_child[2013]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x40b9e369;slot-manufacturer=SoftHSM%20project;slot-id=1085924201;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cfa3586d40b9e369;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 891s [p11_child[2013]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 891s [p11_child[2013]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 891s [p11_child[2013]] [do_card] (0x4000): Certificate verified and validated. 891s [p11_child[2013]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 891s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.output 891s + echo '-----BEGIN CERTIFICATE-----' 891s + tail -n1 /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.output 891s + echo '-----END CERTIFICATE-----' 891s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.pem 891s Certificate: 891s Data: 891s Version: 3 (0x2) 891s Serial Number: 5 (0x5) 891s Signature Algorithm: sha256WithRSAEncryption 891s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 891s Validity 891s Not Before: Jun 14 15:27:00 2024 GMT 891s Not After : Jun 14 15:27:00 2025 GMT 891s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 891s Subject Public Key Info: 891s Public Key Algorithm: rsaEncryption 891s Public-Key: (1024 bit) 891s Modulus: 891s 00:dd:ad:30:de:66:c1:21:85:3e:cf:94:fe:f1:85: 891s a1:b0:77:02:55:19:78:58:9c:bc:6f:89:54:7a:db: 891s e8:0a:f2:59:b3:85:4e:2b:e8:26:d2:bc:76:60:45: 891s 47:97:db:18:86:4e:9e:6b:4a:70:d9:8e:56:13:03: 891s 2e:90:7b:5f:59:6d:28:db:c3:74:65:5a:11:9c:70: 891s 58:95:f1:fc:f2:27:e9:18:ca:28:c8:9d:82:72:20: 891s c8:7a:9d:24:55:cd:7a:27:34:e6:5f:e4:f7:e9:d2: 891s ea:82:c9:55:f4:e2:0a:46:aa:d6:64:37:08:b9:51: 891s df:8e:99:e7:46:14:4e:0e:d1 891s Exponent: 65537 (0x10001) 891s X509v3 extensions: 891s X509v3 Authority Key Identifier: 891s B8:4E:A5:9A:FE:16:44:41:39:63:5B:6A:CB:E3:F5:75:1E:03:1A:C9 891s X509v3 Basic Constraints: 891s CA:FALSE 891s Netscape Cert Type: 891s SSL Client, S/MIME 891s Netscape Comment: 891s Test Organization Sub Intermediate CA trusted Certificate 891s X509v3 Subject Key Identifier: 891s FA:4B:B9:D6:95:24:70:E7:72:ED:57:CC:34:33:A1:36:C6:84:3A:33 891s X509v3 Key Usage: critical 891s Digital Signature, Non Repudiation, Key Encipherment 891s X509v3 Extended Key Usage: 891s TLS Web Client Authentication, E-mail Protection 891s X509v3 Subject Alternative Name: 891s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 891s Signature Algorithm: sha256WithRSAEncryption 891s Signature Value: 891s 60:a9:44:d8:b1:f8:ba:49:b7:c9:2f:a6:50:2a:2a:07:c5:a6: 891s 7e:14:52:81:2f:9f:ac:c8:54:ec:0e:80:66:af:e2:8e:5c:db: 891s 37:a9:03:da:e7:47:cb:39:b3:95:8c:5f:8a:63:b1:64:8d:ba: 891s 76:9b:5e:46:5b:2b:f7:53:bb:df:0c:a7:4a:0a:8e:51:cc:2d: 891s 7f:49:96:c1:0c:a1:d7:d3:78:ae:c1:52:df:ab:74:6a:ad:24: 891s 17:b3:6c:94:52:8e:28:d0:a5:1d:92:12:99:a2:c3:bb:7f:65: 891s 00:6d:e1:79:18:c1:b1:3c:89:53:9b:b3:6d:40:98:7d:9f:5f: 891s 43:de 891s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-EJdWyP/SSSD-child-14747-auth.pem 891s + found_md5=Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 891s + '[' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 '!=' Modulus=DDAD30DE66C121853ECF94FEF185A1B07702551978589CBC6F89547ADBE80AF259B3854E2BE826D2BC7660454797DB18864E9E6B4A70D98E5613032E907B5F596D28DBC374655A119C705895F1FCF227E918CA28C89D827220C87A9D2455CD7A2734E65FE4F7E9D2EA82C955F4E20A46AAD6643708B951DF8E99E746144E0ED1 ']' 891s + set +x 891s 891s Test completed, Root CA and intermediate issued certificates verified! 892s autopkgtest [15:27:20]: test sssd-softhism2-certificates-tests.sh: -----------------------] 896s autopkgtest [15:27:24]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 896s sssd-softhism2-certificates-tests.sh PASS 900s autopkgtest [15:27:28]: test sssd-smart-card-pam-auth-configs: preparing testbed 910s Reading package lists... 910s Building dependency tree... 910s Reading state information... 911s Starting pkgProblemResolver with broken count: 0 911s Starting 2 pkgProblemResolver with broken count: 0 911s Done 911s The following additional packages will be installed: 911s pamtester 912s The following NEW packages will be installed: 912s autopkgtest-satdep pamtester 912s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 912s Need to get 11.4 kB/12.1 kB of archives. 912s After this operation, 31.7 kB of additional disk space will be used. 912s Get:1 /tmp/autopkgtest.f2NMSQ/4-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [764 B] 912s Get:2 http://ftpmaster.internal/ubuntu noble/universe armhf pamtester armhf 0.1.2-4 [11.4 kB] 913s Fetched 11.4 kB in 1s (21.4 kB/s) 913s Selecting previously unselected package pamtester. 913s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58500 files and directories currently installed.) 913s Preparing to unpack .../pamtester_0.1.2-4_armhf.deb ... 913s Unpacking pamtester (0.1.2-4) ... 913s Selecting previously unselected package autopkgtest-satdep. 913s Preparing to unpack .../4-autopkgtest-satdep.deb ... 913s Unpacking autopkgtest-satdep (0) ... 914s Setting up pamtester (0.1.2-4) ... 914s Setting up autopkgtest-satdep (0) ... 914s Processing triggers for man-db (2.12.0-4build2) ... 930s (Reading database ... 58506 files and directories currently installed.) 930s Removing autopkgtest-satdep (0) ... 937s autopkgtest [15:28:05]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 937s autopkgtest [15:28:05]: test sssd-smart-card-pam-auth-configs: [----------------------- 940s + '[' -z ubuntu ']' 940s + export DEBIAN_FRONTEND=noninteractive 940s + DEBIAN_FRONTEND=noninteractive 940s + required_tools=(pamtester softhsm2-util sssd) 940s + [[ ! -v OFFLINE_MODE ]] 940s + for cmd in "${required_tools[@]}" 940s + command -v pamtester 940s + for cmd in "${required_tools[@]}" 940s + command -v softhsm2-util 940s + for cmd in "${required_tools[@]}" 940s + command -v sssd 940s + PIN=123456 940s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 940s + tmpdir=/tmp/sssd-softhsm2-certs-Y8ENbH 940s + backupsdir= 940s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 940s + declare -a restore_paths 940s + declare -a delete_paths 940s + trap handle_exit EXIT 940s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 940s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 940s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 940s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 940s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Y8ENbH GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 940s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Y8ENbH 940s + GENERATE_SMART_CARDS=1 940s + KEEP_TEMPORARY_FILES=1 940s + NO_SSSD_TESTS=1 940s + bash debian/tests/sssd-softhism2-certificates-tests.sh 940s + '[' -z ubuntu ']' 940s + required_tools=(p11tool openssl softhsm2-util) 940s + for cmd in "${required_tools[@]}" 940s + command -v p11tool 940s + for cmd in "${required_tools[@]}" 940s + command -v openssl 940s + for cmd in "${required_tools[@]}" 940s + command -v softhsm2-util 940s + PIN=123456 940s +++ find /usr/lib/softhsm/libsofthsm2.so 940s +++ head -n 1 940s ++ realpath /usr/lib/softhsm/libsofthsm2.so 940s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 940s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 940s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 940s + '[' '!' -v NO_SSSD_TESTS ']' 940s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 940s + tmpdir=/tmp/sssd-softhsm2-certs-Y8ENbH 940s + keys_size=1024 940s + [[ ! -v KEEP_TEMPORARY_FILES ]] 940s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 940s + echo -n 01 940s + touch /tmp/sssd-softhsm2-certs-Y8ENbH/index.txt 940s + mkdir -p /tmp/sssd-softhsm2-certs-Y8ENbH/new_certs 940s + cat 940s + root_ca_key_pass=pass:random-root-CA-password-11302 940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-key.pem -passout pass:random-root-CA-password-11302 1024 941s + openssl req -passin pass:random-root-CA-password-11302 -batch -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem 941s + cat 941s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-7905 941s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7905 1024 941s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-7905 -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-11302 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-certificate-request.pem 941s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-certificate-request.pem 941s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.config -passin pass:random-root-CA-password-11302 -keyfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem 941s Certificate Request: 941s Data: 941s Version: 1 (0x0) 941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 941s Subject Public Key Info: 941s Public Key Algorithm: rsaEncryption 941s Public-Key: (1024 bit) 941s Modulus: 941s 00:a0:47:73:34:68:66:94:13:62:79:25:24:89:59: 941s ff:55:63:f1:07:b3:29:81:98:df:2d:8c:1c:d7:15: 941s 7b:eb:70:ff:4a:55:02:c4:e9:8c:0b:f6:b3:23:99: 941s a0:84:f3:40:32:eb:51:5f:df:85:9f:18:1b:76:52: 941s 8f:36:af:47:09:2b:22:05:48:25:d6:20:fa:43:bd: 941s 4d:63:67:2c:2e:84:16:df:73:de:85:8f:55:8f:a1: 941s 5e:de:a4:4a:2d:81:98:9c:32:5a:16:00:c0:49:32: 941s 97:36:c1:a9:14:0d:69:68:d5:66:20:de:af:79:fe: 941s 05:54:10:1c:3d:cf:cc:43:e9 941s Exponent: 65537 (0x10001) 941s Attributes: 941s (none) 941s Requested Extensions: 941s Signature Algorithm: sha256WithRSAEncryption 941s Signature Value: 941s 43:32:58:75:55:5b:38:24:71:d6:cd:7d:ec:09:53:33:13:47: 941s 97:cf:a6:ed:ee:54:4f:ef:e5:fe:e5:d8:78:e7:fa:dc:a5:a4: 941s 33:2a:2a:62:4e:d5:95:5e:24:d3:45:45:67:c3:2a:63:86:e1: 941s 1a:a3:9b:7f:97:a7:db:cf:6f:67:ce:7d:d9:42:09:65:ca:b9: 941s 07:41:b4:c0:b0:b0:93:a1:82:28:56:5f:67:1a:98:83:40:23: 941s 04:09:98:cd:76:71:fd:66:44:b1:a3:70:b7:eb:23:2e:f9:13: 941s 3c:1f:dc:2b:90:39:6d:8f:fe:ce:4b:ac:3a:f2:58:4b:52:56: 941s 1f:4f 941s Using configuration from /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.config 941s Check that the request matches the signature 941s Signature ok 941s Certificate Details: 941s Serial Number: 1 (0x1) 941s Validity 941s Not Before: Jun 14 15:28:09 2024 GMT 941s Not After : Jun 14 15:28:09 2025 GMT 941s Subject: 941s organizationName = Test Organization 941s organizationalUnitName = Test Organization Unit 941s commonName = Test Organization Intermediate CA 941s X509v3 extensions: 941s X509v3 Subject Key Identifier: 941s 14:C2:C4:87:BF:68:D3:8A:C0:AA:D7:7C:6A:E2:0A:72:55:91:63:D2 941s X509v3 Authority Key Identifier: 941s keyid:2D:D3:9B:07:E3:D5:65:8F:3F:F7:7B:0C:30:12:E7:D5:33:99:A2:51 941s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 941s serial:00 941s X509v3 Basic Constraints: 941s CA:TRUE 941s X509v3 Key Usage: critical 941s Digital Signature, Certificate Sign, CRL Sign 941s Certificate is to be certified until Jun 14 15:28:09 2025 GMT (365 days) 941s 941s Write out database with 1 new entries 941s Database updated 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem 941s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem 941s /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem: OK 941s + cat 941s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-5756 941s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-5756 1024 941s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-5756 -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7905 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-certificate-request.pem 941s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-certificate-request.pem 941s Certificate Request: 941s Data: 941s Version: 1 (0x0) 941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 941s Subject Public Key Info: 941s Public Key Algorithm: rsaEncryption 941s Public-Key: (1024 bit) 941s Modulus: 941s 00:f9:7b:40:0f:69:9a:94:18:e8:b1:f3:14:d6:41: 941s 35:f9:bb:f7:c3:ec:7a:b4:e2:3f:34:80:50:4e:62: 941s b6:2a:7a:ff:c7:4f:49:2e:59:69:21:fd:19:18:fd: 941s a1:79:fd:89:e0:32:d7:44:20:6e:21:49:86:2f:dc: 941s 77:89:18:13:6a:28:0a:76:46:37:f1:09:76:54:a3: 941s 99:16:8a:cb:3e:41:c4:ce:af:df:dd:22:e0:da:a9: 941s 10:83:d0:85:76:9a:75:d8:b3:ea:6b:75:80:f3:d3: 941s f2:1b:f9:ec:f2:df:29:eb:45:e7:11:6b:55:db:46: 941s 89:c5:a3:11:9d:36:7c:e4:49 941s Exponent: 65537 (0x10001) 941s Attributes: 941s (none) 941s Requested Extensions: 941s Signature Algorithm: sha256WithRSAEncryption 941s Signature Value: 941s ad:0c:2f:c1:d7:00:41:8d:9e:f1:2a:6c:f0:5c:58:9b:16:d9: 941s 6b:2f:49:4a:67:c3:1e:96:4d:9e:19:6e:bb:3d:61:22:fe:63: 941s 71:e2:27:dd:a3:8c:b0:64:03:92:e2:1b:78:e7:d7:ed:99:b1: 941s d9:60:74:43:12:2a:e5:ad:e9:ab:89:37:0d:3e:7a:f0:1d:ed: 941s 3f:af:ef:c8:af:56:d0:ae:52:0a:a6:ef:e9:9f:d1:65:2c:ba: 941s 19:87:5a:0b:15:e3:05:d7:79:53:0f:2d:53:4d:46:b8:38:14: 941s 90:1b:68:d3:54:23:01:79:18:d9:73:1e:5e:5b:1e:20:c8:01: 941s b5:e0 941s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-7905 -keyfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 941s Using configuration from /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.config 941s Check that the request matches the signature 941s Signature ok 941s Certificate Details: 941s Serial Number: 2 (0x2) 941s Validity 941s Not Before: Jun 14 15:28:09 2024 GMT 941s Not After : Jun 14 15:28:09 2025 GMT 941s Subject: 941s organizationName = Test Organization 941s organizationalUnitName = Test Organization Unit 941s commonName = Test Organization Sub Intermediate CA 941s X509v3 extensions: 941s X509v3 Subject Key Identifier: 941s 43:BB:6C:8B:C4:01:78:66:1E:09:F4:50:C5:70:61:53:85:66:89:06 941s X509v3 Authority Key Identifier: 941s keyid:14:C2:C4:87:BF:68:D3:8A:C0:AA:D7:7C:6A:E2:0A:72:55:91:63:D2 941s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 941s serial:01 941s X509v3 Basic Constraints: 941s CA:TRUE 941s X509v3 Key Usage: critical 941s Digital Signature, Certificate Sign, CRL Sign 941s Certificate is to be certified until Jun 14 15:28:09 2025 GMT (365 days) 941s 941s Write out database with 1 new entries 941s Database updated 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 941s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 941s /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem: OK 941s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 941s + local cmd=openssl 941s + shift 941s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 941s error 20 at 0 depth lookup: unable to get local issuer certificate 941s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem: verification failed 941s + cat 941s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-2711 941s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-2711 1024 941s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-2711 -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-request.pem 941s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-request.pem 941s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.config -passin pass:random-root-CA-password-11302 -keyfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 941s Certificate Request: 941s Data: 941s Version: 1 (0x0) 941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 941s Subject Public Key Info: 941s Public Key Algorithm: rsaEncryption 941s Public-Key: (1024 bit) 941s Modulus: 941s 00:d2:2a:8e:df:7d:24:53:6e:01:69:7c:02:42:78: 941s f4:b8:7f:97:c1:6d:d3:36:dd:33:5d:fb:a7:4e:19: 941s 47:aa:84:f5:0e:f7:ff:e0:f3:d0:c3:6d:f2:34:a1: 941s 06:a4:dd:e2:23:2e:df:da:63:59:da:37:ba:ee:82: 941s eb:73:8d:e3:17:3d:4c:5b:d4:33:16:48:0e:44:b7: 941s 6e:48:e8:5b:74:b5:3c:ec:9e:b2:5f:7e:9a:1f:4a: 941s 87:04:05:66:72:22:a6:d9:81:32:cc:5f:b9:73:77: 941s 54:55:c8:35:b8:c1:fd:03:93:24:b1:af:b4:ca:44: 941s d1:62:b6:8c:8e:4a:0c:52:13 941s Exponent: 65537 (0x10001) 941s Attributes: 941s Requested Extensions: 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Root CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s 70:DD:B3:A4:6E:51:0C:C2:DF:F0:46:37:2E:1B:2F:0E:73:4C:C7:0D 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Signature Algorithm: sha256WithRSAEncryption 941s Signature Value: 941s 84:a2:02:69:4d:08:00:92:8c:3a:3e:c0:5e:91:c6:ee:ae:8a: 941s 12:9a:a0:ec:a0:7a:cf:1b:f3:9d:34:c1:05:57:d0:82:53:b2: 941s 68:76:2b:fe:78:88:e6:d7:c8:5a:f3:95:7a:d7:62:fd:ae:7e: 941s ac:7f:a6:55:9c:b0:b9:36:b3:69:a7:27:a9:95:8a:ad:21:d0: 941s b0:f3:f2:aa:3d:fc:fc:42:81:72:4e:fd:d1:37:ec:5c:f7:a3: 941s 2d:cf:a0:78:b8:6f:d8:de:c8:84:4f:06:2d:53:d1:e5:21:f3: 941s ff:f9:c9:98:a0:72:37:ed:c6:17:18:eb:e5:f6:46:92:bf:69: 941s dd:62 941s Using configuration from /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.config 941s Check that the request matches the signature 941s Signature ok 941s Certificate Details: 941s Serial Number: 3 (0x3) 941s Validity 941s Not Before: Jun 14 15:28:09 2024 GMT 941s Not After : Jun 14 15:28:09 2025 GMT 941s Subject: 941s organizationName = Test Organization 941s organizationalUnitName = Test Organization Unit 941s commonName = Test Organization Root Trusted Certificate 0001 941s X509v3 extensions: 941s X509v3 Authority Key Identifier: 941s 2D:D3:9B:07:E3:D5:65:8F:3F:F7:7B:0C:30:12:E7:D5:33:99:A2:51 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Root CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s 70:DD:B3:A4:6E:51:0C:C2:DF:F0:46:37:2E:1B:2F:0E:73:4C:C7:0D 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Certificate is to be certified until Jun 14 15:28:09 2025 GMT (365 days) 941s 941s Write out database with 1 new entries 941s Database updated 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 941s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 941s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 941s + local cmd=openssl 941s + shift 941s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 941s /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem: OK 941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 941s error 20 at 0 depth lookup: unable to get local issuer certificate 941s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem: verification failed 941s + cat 941s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-27246 941s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-27246 1024 941s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-27246 -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-request.pem 941s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-request.pem 941s Certificate Request: 941s Data: 941s Version: 1 (0x0) 941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 941s Subject Public Key Info: 941s Public Key Algorithm: rsaEncryption 941s Public-Key: (1024 bit) 941s Modulus: 941s 00:ca:fa:04:48:99:20:b9:06:98:8a:89:2d:81:af: 941s b7:49:a0:a2:8f:eb:ca:e9:1a:84:6a:62:07:8a:32: 941s af:3b:c8:7f:10:d8:76:32:8e:db:82:88:f1:a5:56: 941s e4:13:ea:da:7f:9b:97:ae:f1:c4:62:7c:7c:7e:bf: 941s bb:00:39:47:fb:5b:f8:9a:1e:ed:c9:ec:8c:b4:7b: 941s 3e:5f:b0:3e:d9:8d:22:0c:47:0c:6c:79:44:8c:53: 941s ea:48:f0:06:67:a3:cd:90:ba:7d:22:45:fe:b1:af: 941s 67:0f:32:a4:91:4e:e8:50:6f:59:84:0b:f1:89:54: 941s 63:25:bd:3f:33:42:46:60:b1 941s Exponent: 65537 (0x10001) 941s Attributes: 941s Requested Extensions: 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Intermediate CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s E5:75:32:BB:CF:50:4D:0C:8F:4A:E3:E7:05:F9:EB:74:21:C8:7B:D4 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Signature Algorithm: sha256WithRSAEncryption 941s Signature Value: 941s 3b:cf:da:0a:4a:5e:e6:a0:96:a0:3f:3c:97:91:7c:05:2a:eb: 941s 83:68:7e:aa:cd:58:41:7d:f8:3d:8a:f8:23:ce:a7:24:47:d3: 941s 22:ba:5d:7a:65:75:d4:3a:34:1e:3c:8b:8a:18:78:a6:df:11: 941s 4b:93:85:ac:58:ac:eb:28:90:6a:b3:74:ed:44:39:b1:e4:40: 941s 0c:1d:6e:70:eb:fc:0f:68:73:f3:28:b0:57:05:8f:8d:11:72: 941s 17:e0:30:0e:04:dc:0b:ff:65:3b:67:aa:34:66:f1:ff:78:75: 941s 34:8c:92:1e:01:b2:9b:5f:b7:5f:5f:6d:cb:7f:0a:6a:4e:f4: 941s 81:e9 941s + openssl ca -passin pass:random-intermediate-CA-password-7905 -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 941s Using configuration from /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.config 941s Check that the request matches the signature 941s Signature ok 941s Certificate Details: 941s Serial Number: 4 (0x4) 941s Validity 941s Not Before: Jun 14 15:28:09 2024 GMT 941s Not After : Jun 14 15:28:09 2025 GMT 941s Subject: 941s organizationName = Test Organization 941s organizationalUnitName = Test Organization Unit 941s commonName = Test Organization Intermediate Trusted Certificate 0001 941s X509v3 extensions: 941s X509v3 Authority Key Identifier: 941s 14:C2:C4:87:BF:68:D3:8A:C0:AA:D7:7C:6A:E2:0A:72:55:91:63:D2 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Intermediate CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s E5:75:32:BB:CF:50:4D:0C:8F:4A:E3:E7:05:F9:EB:74:21:C8:7B:D4 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Certificate is to be certified until Jun 14 15:28:09 2025 GMT (365 days) 941s 941s Write out database with 1 new entries 941s Database updated 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 941s This certificate should not be trusted fully 941s + echo 'This certificate should not be trusted fully' 941s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 941s + local cmd=openssl 941s + shift 941s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 941s error 2 at 1 depth lookup: unable to get issuer certificate 941s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 941s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 941s /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem: OK 941s + cat 941s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12198 941s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-12198 1024 941s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-12198 -key /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 941s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 941s Certificate Request: 941s Data: 941s Version: 1 (0x0) 941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 941s Subject Public Key Info: 941s Public Key Algorithm: rsaEncryption 941s Public-Key: (1024 bit) 941s Modulus: 941s 00:ce:c3:10:57:fe:a2:84:d5:78:a4:ec:62:89:e9: 941s 75:10:1a:8a:6b:d3:a4:51:5b:95:da:79:eb:f7:46: 941s a0:88:f6:05:f1:4d:7b:74:2b:46:d8:b8:fc:cf:22: 941s 4b:df:27:1b:2f:61:d5:6b:0c:2e:fa:f3:a6:d2:3d: 941s 05:10:d0:a2:21:ce:da:61:b6:cd:41:57:a2:d4:b5: 941s 1d:99:54:3b:cc:d4:7e:a2:93:03:a4:49:25:c4:a9: 941s 08:3e:c3:2e:bc:68:ca:4f:d6:e6:fc:5a:4e:03:b4: 941s c2:8b:b1:27:f2:4e:65:c4:dd:fc:43:64:2d:30:54: 941s 0a:50:85:16:91:bc:27:8e:dd 941s Exponent: 65537 (0x10001) 941s Attributes: 941s Requested Extensions: 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Sub Intermediate CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s 0A:00:83:21:DE:02:AE:A4:91:75:91:7F:E0:26:D1:0B:B3:92:A2:1B 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Signature Algorithm: sha256WithRSAEncryption 941s Signature Value: 941s 7c:20:30:4e:5d:16:7f:e3:82:24:17:be:21:6d:98:d6:19:0d: 941s f0:89:cd:02:0c:df:d4:97:ee:8b:80:88:bc:d5:c2:83:30:f7: 941s de:82:1c:62:af:bc:ad:f9:bd:fc:2d:67:f0:74:ba:b7:5c:2c: 941s fb:f8:78:45:70:65:35:3b:e5:ad:62:4a:cc:cb:3a:62:52:1c: 941s 9e:7b:94:c8:06:aa:26:99:ef:47:a0:b4:62:ff:31:7b:9f:53: 941s 42:22:04:6b:ef:f9:b4:7c:e7:fb:3c:ea:fc:fc:bc:e6:26:a7: 941s 0c:fe:ec:94:d2:87:83:4b:77:84:cb:20:29:40:a0:e5:f6:00: 941s 81:65 941s + openssl ca -passin pass:random-sub-intermediate-CA-password-5756 -config /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 941s Using configuration from /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.config 941s Check that the request matches the signature 941s Signature ok 941s Certificate Details: 941s Serial Number: 5 (0x5) 941s Validity 941s Not Before: Jun 14 15:28:09 2024 GMT 941s Not After : Jun 14 15:28:09 2025 GMT 941s Subject: 941s organizationName = Test Organization 941s organizationalUnitName = Test Organization Unit 941s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 941s X509v3 extensions: 941s X509v3 Authority Key Identifier: 941s 43:BB:6C:8B:C4:01:78:66:1E:09:F4:50:C5:70:61:53:85:66:89:06 941s X509v3 Basic Constraints: 941s CA:FALSE 941s Netscape Cert Type: 941s SSL Client, S/MIME 941s Netscape Comment: 941s Test Organization Sub Intermediate CA trusted Certificate 941s X509v3 Subject Key Identifier: 941s 0A:00:83:21:DE:02:AE:A4:91:75:91:7F:E0:26:D1:0B:B3:92:A2:1B 941s X509v3 Key Usage: critical 941s Digital Signature, Non Repudiation, Key Encipherment 941s X509v3 Extended Key Usage: 941s TLS Web Client Authentication, E-mail Protection 941s X509v3 Subject Alternative Name: 941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 941s Certificate is to be certified until Jun 14 15:28:09 2025 GMT (365 days) 941s 941s Write out database with 1 new entries 941s Database updated 941s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s + echo 'This certificate should not be trusted fully' 942s This certificate should not be trusted fully 942s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s + local cmd=openssl 942s + shift 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 942s error 2 at 1 depth lookup: unable to get issuer certificate 942s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 942s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s + local cmd=openssl 942s + shift 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 942s error 20 at 0 depth lookup: unable to get local issuer certificate 942s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 942s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 942s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s + local cmd=openssl 942s + shift 942s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 942s error 20 at 0 depth lookup: unable to get local issuer certificate 942s error /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 942s + echo 'Building a the full-chain CA file...' 942s + cat /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 942s Building a the full-chain CA file... 942s + cat /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem 942s + cat /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 942s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem 942s + openssl pkcs7 -print_certs -noout 942s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 942s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 942s 942s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 942s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 942s 942s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 942s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 942s 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA.pem: OK 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem: OK 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-intermediate-chain-CA.pem 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem: OK 942s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-intermediate-chain-CA.pem: OK 942s + echo 'Certificates generation completed!' 942s + [[ -v NO_SSSD_TESTS ]] 942s + [[ -v GENERATE_SMART_CARDS ]] 942s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-2711 942s + local certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 942s + local key_pass=pass:random-root-ca-trusted-cert-0001-2711 942s + local key_cn 942s + local key_name 942s + local tokens_dir 942s + local output_cert_file 942s + token_name= 942s /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 942s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem .pem 942s Certificates generation completed! 942s + key_name=test-root-CA-trusted-certificate-0001 942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem 942s ++ sed -n 's/ *commonName *= //p' 942s + key_cn='Test Organization Root Trusted Certificate 0001' 942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf 942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf 942s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 942s + tokens_dir=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001 942s + token_name='Test Organization Root Tr Token' 942s + '[' '!' -e /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 942s + local key_file 942s + local decrypted_key 942s + mkdir -p /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001 942s + key_file=/tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key.pem 942s + decrypted_key=/tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 942s + cat 942s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 942s Slot 0 has a free/uninitialized token. 942s The token has been initialized and is reassigned to slot 702261513 942s + softhsm2-util --show-slots 942s Available slots: 942s Slot 702261513 942s Slot info: 942s Description: SoftHSM slot ID 0x29dba909 942s Manufacturer ID: SoftHSM project 942s Hardware version: 2.6 942s Firmware version: 2.6 942s Token present: yes 942s Token info: 942s Manufacturer ID: SoftHSM project 942s Model: SoftHSM v2 942s Hardware version: 2.6 942s Firmware version: 2.6 942s Serial number: 09d4996229dba909 942s Initialized: yes 942s User PIN init.: yes 942s Label: Test Organization Root Tr Token 942s Slot 1 942s Slot info: 942s Description: SoftHSM slot ID 0x1 942s Manufacturer ID: SoftHSM project 942s Hardware version: 2.6 942s Firmware version: 2.6 942s Token present: yes 942s Token info: 942s Manufacturer ID: SoftHSM project 942s Model: SoftHSM v2 942s Hardware version: 2.6 942s Firmware version: 2.6 942s Serial number: 942s Initialized: no 942s User PIN init.: no 942s Label: 942s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 942s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-2711 -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 942s writing RSA key 942s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 942s + rm /tmp/sssd-softhsm2-certs-Y8ENbH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 942s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 942s Object 0: 942s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=09d4996229dba909;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 942s Type: X.509 Certificate (RSA-1024) 942s Expires: Sat Jun 14 15:28:09 2025 942s Label: Test Organization Root Trusted Certificate 0001 942s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 942s 942s + echo 'Test Organization Root Tr Token' 942s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27246 942s + local certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27246 942s + local key_cn 942s + local key_name 942s + local tokens_dir 942s + local output_cert_file 942s + token_name= 942s Test Organization Root Tr Token 942s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem .pem 942s + key_name=test-intermediate-CA-trusted-certificate-0001 942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem 942s ++ sed -n 's/ *commonName *= //p' 943s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 943s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 943s + tokens_dir=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001 943s + token_name='Test Organization Interme Token' 943s + '[' '!' -e /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 943s + local key_file 943s + local decrypted_key 943s + mkdir -p /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-intermediate-CA-trusted-certificate-0001 943s + key_file=/tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key.pem 943s + decrypted_key=/tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 943s + cat 943s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 943s Slot 0 has a free/uninitialized token. 943s The token has been initialized and is reassigned to slot 1299665381 943s + softhsm2-util --show-slots 943s Available slots: 943s Slot 1299665381 943s Slot info: 943s Description: SoftHSM slot ID 0x4d7751e5 943s Manufacturer ID: SoftHSM project 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Token present: yes 943s Token info: 943s Manufacturer ID: SoftHSM project 943s Model: SoftHSM v2 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Serial number: fc007845cd7751e5 943s Initialized: yes 943s User PIN init.: yes 943s Label: Test Organization Interme Token 943s Slot 1 943s Slot info: 943s Description: SoftHSM slot ID 0x1 943s Manufacturer ID: SoftHSM project 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Token present: yes 943s Token info: 943s Manufacturer ID: SoftHSM project 943s Model: SoftHSM v2 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Serial number: 943s Initialized: no 943s User PIN init.: no 943s Label: 943s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 943s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-27246 -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 943s writing RSA key 943s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 943s + rm /tmp/sssd-softhsm2-certs-Y8ENbH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 943s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 943s Object 0: 943s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fc007845cd7751e5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 943s Type: X.509 Certificate (RSA-1024) 943s Expires: Sat Jun 14 15:28:09 2025 943s Label: Test Organization Intermediate Trusted Certificate 0001 943s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 943s 943s Test Organization Interme Token 943s + echo 'Test Organization Interme Token' 943s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12198 943s + local certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12198 943s + local key_cn 943s + local key_name 943s + local tokens_dir 943s + local output_cert_file 943s + token_name= 943s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 943s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem 943s ++ sed -n 's/ *commonName *= //p' 943s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 943s ++ basename /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 943s + tokens_dir=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 943s + token_name='Test Organization Sub Int Token' 943s + '[' '!' -e /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 943s + local key_file 943s + local decrypted_key 943s + mkdir -p /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 943s + key_file=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 943s + decrypted_key=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 943s + cat 943s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 943s Slot 0 has a free/uninitialized token. 943s The token has been initialized and is reassigned to slot 577340396 943s + softhsm2-util --show-slots 943s Available slots: 943s Slot 577340396 943s Slot info: 943s Description: SoftHSM slot ID 0x226983ec 943s Manufacturer ID: SoftHSM project 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Token present: yes 943s Token info: 943s Manufacturer ID: SoftHSM project 943s Model: SoftHSM v2 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Serial number: 1521b5e4226983ec 943s Initialized: yes 943s User PIN init.: yes 943s Label: Test Organization Sub Int Token 943s Slot 1 943s Slot info: 943s Description: SoftHSM slot ID 0x1 943s Manufacturer ID: SoftHSM project 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Token present: yes 943s Token info: 943s Manufacturer ID: SoftHSM project 943s Model: SoftHSM v2 943s Hardware version: 2.6 943s Firmware version: 2.6 943s Serial number: 943s Initialized: no 943s User PIN init.: no 943s Label: 944s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 944s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-12198 -in /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 944s writing RSA key 944s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 944s + rm /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 944s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 944s Object 0: 944s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1521b5e4226983ec;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 944s Type: X.509 Certificate (RSA-1024) 944s Expires: Sat Jun 14 15:28:09 2025 944s Label: Test Organization Sub Intermediate Trusted Certificate 0001 944s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 944s 944s Test Organization Sub Int Token 944s + echo 'Test Organization Sub Int Token' 944s + echo 'Certificates generation completed!' 944s + exit 0 944s Certificates generation completed! 944s + find /tmp/sssd-softhsm2-certs-Y8ENbH -type d -exec chmod 777 '{}' ';' 944s + find /tmp/sssd-softhsm2-certs-Y8ENbH -type f -exec chmod 666 '{}' ';' 945s + backup_file /etc/sssd/sssd.conf 945s + '[' -z '' ']' 945s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 945s + backupsdir=/tmp/sssd-softhsm2-backups-LmY2t5 945s + '[' -e /etc/sssd/sssd.conf ']' 945s + delete_paths+=("$1") 945s + rm -f /etc/sssd/sssd.conf 945s ++ runuser -u ubuntu -- sh -c 'echo ~' 945s + user_home=/home/ubuntu 945s + mkdir -p /home/ubuntu 945s + chown ubuntu:ubuntu /home/ubuntu 945s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 945s + user_config=/home/ubuntu/.config 945s + system_config=/etc 945s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 945s + for path_pair in "${softhsm2_conf_paths[@]}" 945s + IFS=: 945s + read -r -a path 945s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 945s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 945s + '[' -z /tmp/sssd-softhsm2-backups-LmY2t5 ']' 945s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 945s + delete_paths+=("$1") 945s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 945s + for path_pair in "${softhsm2_conf_paths[@]}" 945s + IFS=: 945s + read -r -a path 945s + path=/etc/softhsm/softhsm2.conf 945s + backup_file /etc/softhsm/softhsm2.conf 945s + '[' -z /tmp/sssd-softhsm2-backups-LmY2t5 ']' 945s + '[' -e /etc/softhsm/softhsm2.conf ']' 945s ++ dirname /etc/softhsm/softhsm2.conf 945s + local back_dir=/tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm 945s ++ basename /etc/softhsm/softhsm2.conf 945s + local back_path=/tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm/softhsm2.conf 945s + '[' '!' -e /tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm/softhsm2.conf ']' 945s + mkdir -p /tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm 945s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm/softhsm2.conf 945s + restore_paths+=("$back_path") 945s + rm -f /etc/softhsm/softhsm2.conf 945s + test_authentication login /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem 945s + pam_service=login 945s + certificate_config=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf 945s + ca_db=/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem 945s + verification_options= 945s + mkdir -p -m 700 /etc/sssd 945s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 945s + cat 945s Using CA DB '/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem' with verification options: '' 945s + chmod 600 /etc/sssd/sssd.conf 945s + for path_pair in "${softhsm2_conf_paths[@]}" 945s + IFS=: 945s + read -r -a path 945s + user=ubuntu 945s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 945s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 945s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 946s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 946s + runuser -u ubuntu -- softhsm2-util --show-slots 946s + grep 'Test Organization' 946s Label: Test Organization Root Tr Token 946s + for path_pair in "${softhsm2_conf_paths[@]}" 946s + IFS=: 946s + read -r -a path 946s + user=root 946s + path=/etc/softhsm/softhsm2.conf 946s ++ dirname /etc/softhsm/softhsm2.conf 946s + runuser -u root -- mkdir -p /etc/softhsm 946s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 946s + runuser -u root -- softhsm2-util --show-slots 946s + grep 'Test Organization' 946s Label: Test Organization Root Tr Token 946s + systemctl restart sssd 947s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 948s + for alternative in "${alternative_pam_configs[@]}" 948s + pam-auth-update --enable sss-smart-card-optional 948s + cat /etc/pam.d/common-auth 948s # 948s # /etc/pam.d/common-auth - authentication settings common to all services 948s # 948s # This file is included from other service-specific PAM config files, 948s # and should contain a list of the authentication modules that define 948s # the central authentication scheme for use on the system 948s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 948s # traditional Unix authentication mechanisms. 948s # 948s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 948s # To take advantage of this, it is recommended that you configure any 948s # local modules either before or after the default block, and use 948s # pam-auth-update to manage selection of other modules. See 948s # pam-auth-update(8) for details. 948s 948s # here are the per-package modules (the "Primary" block) 948s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 948s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 948s auth [success=1 default=ignore] pam_sss.so use_first_pass 948s # here's the fallback if no module succeeds 948s auth requisite pam_deny.so 948s # prime the stack with a positive return value if there isn't one already; 948s # this avoids us returning an error just because nothing sets a success code 948s # since the modules above will each just jump around 948s auth required pam_permit.so 948s # and here are more per-package modules (the "Additional" block) 948s auth optional pam_cap.so 948s # end of pam-auth-update config 948s + echo -n -e 123456 948s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 948s pamtester: invoking pam_start(login, ubuntu, ...) 948s pamtester: performing operation - authenticate 948s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 948s + echo -n -e 123456 948s + runuser -u ubuntu -- pamtester -v login '' authenticate 948s pamtester: invoking pam_start(login, , ...) 948s pamtester: performing operation - authenticate 948s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 948s + echo -n -e wrong123456 948s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 948s pamtester: invoking pam_start(login, ubuntu, ...) 948s pamtester: performing operation - authenticate 951s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 952s + echo -n -e wrong123456 952s + runuser -u ubuntu -- pamtester -v login '' authenticate 952s pamtester: invoking pam_start(login, , ...) 952s pamtester: performing operation - authenticate 954s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 954s + echo -n -e 123456 954s + pamtester -v login root authenticate 954s pamtester: invoking pam_start(login, root, ...) 954s pamtester: performing operation - authenticate 957s Password: pamtester: Authentication failure 957s + for alternative in "${alternative_pam_configs[@]}" 957s + pam-auth-update --enable sss-smart-card-required 957s PAM configuration 957s ----------------- 957s 957s Incompatible PAM profiles selected. 957s 957s The following PAM profiles cannot be used together: 957s 957s SSS required smart card authentication, SSS optional smart card 957s authentication 957s 957s Please select a different set of modules to enable. 957s 957s + cat /etc/pam.d/common-auth 957s # 957s # /etc/pam.d/common-auth - authentication settings common to all services 957s # 957s # This file is included from other service-specific PAM config files, 957s # and should contain a list of the authentication modules that define 957s # the central authentication scheme for use on the system 957s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 957s # traditional Unix authentication mechanisms. 957s # 957s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 957s # To take advantage of this, it is recommended that you configure any 957s # local modules either before or after the default block, and use 957s # pam-auth-update to manage selection of other modules. See 957s # pam-auth-update(8) for details. 957s 957s # here are the per-package modules (the "Primary" block) 957s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 957s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 957s auth [success=1 default=ignore] pam_sss.so use_first_pass 957s # here's the fallback if no module succeeds 957s auth requisite pam_deny.so 957s # prime the stack with a positive return value if there isn't one already; 957s # this avoids us returning an error just because nothing sets a success code 957s # since the modules above will each just jump around 957s auth required pam_permit.so 957s # and here are more per-package modules (the "Additional" block) 957s auth optional pam_cap.so 957s # end of pam-auth-update config 957s + echo -n -e 123456 957s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 958s pamtester: invoking pam_start(login, ubuntu, ...) 958s pamtester: performing operation - authenticate 958s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 958s + echo -n -e 123456 958s + runuser -u ubuntu -- pamtester -v login '' authenticate 958s pamtester: invoking pam_start(login, , ...) 958s pamtester: performing operation - authenticate 958s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 958s + echo -n -e wrong123456 958s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 958s pamtester: invoking pam_start(login, ubuntu, ...) 958s pamtester: performing operation - authenticate 961s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 961s + echo -n -e wrong123456 961s + runuser -u ubuntu -- pamtester -v login '' authenticate 961s pamtester: invoking pam_start(login, , ...) 961s pamtester: performing operation - authenticate 965s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 965s + echo -n -e 123456 965s + pamtester -v login root authenticate 965s pamtester: invoking pam_start(login, root, ...) 965s pamtester: performing operation - authenticate 968s pamtester: Authentication service cannot retrieve authentication info 968s + test_authentication login /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem 968s + pam_service=login 968s + certificate_config=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 968s + ca_db=/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem 968s + verification_options= 968s + mkdir -p -m 700 /etc/sssd 968s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 968s + cat 968s Using CA DB '/tmp/sssd-softhsm2-certs-Y8ENbH/test-full-chain-CA.pem' with verification options: '' 968s + chmod 600 /etc/sssd/sssd.conf 968s + for path_pair in "${softhsm2_conf_paths[@]}" 968s + IFS=: 968s + read -r -a path 968s + user=ubuntu 968s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 968s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 968s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 968s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 968s + runuser -u ubuntu -- softhsm2-util --show-slots 968s + grep 'Test Organization' 968s + for path_pair in "${softhsm2_conf_paths[@]}" 968s + IFS=: 968s + read -r -a path 968s + user=root 968s + path=/etc/softhsm/softhsm2.conf 968s ++ dirname /etc/softhsm/softhsm2.conf 968s Label: Test Organization Sub Int Token 968s + runuser -u root -- mkdir -p /etc/softhsm 968s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 968s + runuser -u root -- softhsm2-util --show-slots 968s + grep 'Test Organization' 968s Label: Test Organization Sub Int Token 968s + systemctl restart sssd 968s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 968s + for alternative in "${alternative_pam_configs[@]}" 968s + pam-auth-update --enable sss-smart-card-optional 969s + cat /etc/pam.d/common-auth 969s # 969s # /etc/pam.d/common-auth - authentication settings common to all services 969s # 969s # This file is included from other service-specific PAM config files, 969s # and should contain a list of the authentication modules that define 969s # the central authentication scheme for use on the system 969s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 969s # traditional Unix authentication mechanisms. 969s # 969s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 969s # To take advantage of this, it is recommended that you configure any 969s # local modules either before or after the default block, and use 969s # pam-auth-update to manage selection of other modules. See 969s # pam-auth-update(8) for details. 969s 969s # here are the per-package modules (the "Primary" block) 969s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 969s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 969s auth [success=1 default=ignore] pam_sss.so use_first_pass 969s # here's the fallback if no module succeeds 969s auth requisite pam_deny.so 969s # prime the stack with a positive return value if there isn't one already; 969s # this avoids us returning an error just because nothing sets a success code 969s # since the modules above will each just jump around 969s auth required pam_permit.so 969s # and here are more per-package modules (the "Additional" block) 969s auth optional pam_cap.so 969s # end of pam-auth-update config 969s + echo -n -e 123456 969s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 969s pamtester: invoking pam_start(login, ubuntu, ...) 969s pamtester: performing operation - authenticate 969s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 969s + echo -n -e 123456 969s + runuser -u ubuntu -- pamtester -v login '' authenticate 969s pamtester: invoking pam_start(login, , ...) 969s pamtester: performing operation - authenticate 969s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 969s + echo -n -e wrong123456 969s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 969s pamtester: invoking pam_start(login, ubuntu, ...) 969s pamtester: performing operation - authenticate 972s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 972s + echo -n -e wrong123456 972s + runuser -u ubuntu -- pamtester -v login '' authenticate 972s pamtester: invoking pam_start(login, , ...) 972s pamtester: performing operation - authenticate 976s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 976s + echo -n -e 123456 976s + pamtester -v login root authenticate 976s pamtester: invoking pam_start(login, root, ...) 976s pamtester: performing operation - authenticate 979s Password: pamtester: Authentication failure 979s + for alternative in "${alternative_pam_configs[@]}" 979s + pam-auth-update --enable sss-smart-card-required 983s PAM configuration 983s ----------------- 983s 983s Incompatible PAM profiles selected. 983s 983s The following PAM profiles cannot be used together: 983s 983s SSS required smart card authentication, SSS optional smart card 983s authentication 983s 983s Please select a different set of modules to enable. 983s 983s + cat /etc/pam.d/common-auth 983s # 983s # /etc/pam.d/common-auth - authentication settings common to all services 983s # 983s # This file is included from other service-specific PAM config files, 983s # and should contain a list of the authentication modules that define 983s # the central authentication scheme for use on the system 983s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 983s # traditional Unix authentication mechanisms. 983s # 983s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 983s # To take advantage of this, it is recommended that you configure any 983s # local modules either before or after the default block, and use 983s # pam-auth-update to manage selection of other modules. See 983s # pam-auth-update(8) for details. 983s 983s # here are the per-package modules (the "Primary" block) 983s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 983s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 983s auth [success=1 default=ignore] pam_sss.so use_first_pass 983s # here's the fallback if no module succeeds 983s auth requisite pam_deny.so 983s # prime the stack with a positive return value if there isn't one already; 983s # this avoids us returning an error just because nothing sets a success code 983s # since the modules above will each just jump around 983s auth required pam_permit.so 983s # and here are more per-package modules (the "Additional" block) 983s auth optional pam_cap.so 983s # end of pam-auth-update config 983s + echo -n -e 123456 984s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 984s pamtester: invoking pam_start(login, ubuntu, ...) 984s pamtester: performing operation - authenticate 984s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 984s + echo -n -e 123456 984s + runuser -u ubuntu -- pamtester -v login '' authenticate 985s pamtester: invoking pam_start(login, , ...) 985s pamtester: performing operation - authenticate 985s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 986s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 986s + echo -n -e wrong123456 986s pamtester: invoking pam_start(login, ubuntu, ...) 986s pamtester: performing operation - authenticate 990s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 990s + runuser -u ubuntu -- pamtester -v login '' authenticate 990s + echo -n -e wrong123456 990s pamtester: invoking pam_start(login, , ...) 990s pamtester: performing operation - authenticate 993s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 994s + echo -n -e 123456 994s + pamtester -v login root authenticate 994s pamtester: invoking pam_start(login, root, ...) 994s pamtester: performing operation - authenticate 998s pamtester: Authentication service cannot retrieve authentication info 998s + test_authentication login /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem partial_chain 998s + pam_service=login 998s + certificate_config=/tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 998s + ca_db=/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem 998s + verification_options=partial_chain 998s + mkdir -p -m 700 /etc/sssd 999s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 999s + cat 999s Using CA DB '/tmp/sssd-softhsm2-certs-Y8ENbH/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 999s + chmod 600 /etc/sssd/sssd.conf 999s + for path_pair in "${softhsm2_conf_paths[@]}" 999s + IFS=: 999s + read -r -a path 999s + user=ubuntu 999s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 999s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 999s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1000s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1001s + runuser -u ubuntu -- softhsm2-util --show-slots 1001s + grep 'Test Organization' 1004s Label: Test Organization Sub Int Token 1004s + for path_pair in "${softhsm2_conf_paths[@]}" 1004s + IFS=: 1004s + read -r -a path 1004s + user=root 1004s + path=/etc/softhsm/softhsm2.conf 1004s ++ dirname /etc/softhsm/softhsm2.conf 1004s + runuser -u root -- mkdir -p /etc/softhsm 1007s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Y8ENbH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1007s + runuser -u root -- softhsm2-util --show-slots 1007s + grep 'Test Organization' 1008s Label: Test Organization Sub Int Token 1008s + systemctl restart sssd 1032s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1042s + for alternative in "${alternative_pam_configs[@]}" 1042s + pam-auth-update --enable sss-smart-card-optional 1050s + cat /etc/pam.d/common-auth 1051s # 1051s # /etc/pam.d/common-auth - authentication settings common to all services 1051s # 1051s # This file is included from other service-specific PAM config files, 1051s # and should contain a list of the authentication modules that define 1051s # the central authentication scheme for use on the system 1051s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1051s # traditional Unix authentication mechanisms. 1051s # 1051s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1051s # To take advantage of this, it is recommended that you configure any 1051s # local modules either before or after the default block, and use 1051s # pam-auth-update to manage selection of other modules. See 1051s # pam-auth-update(8) for details. 1051s 1051s # here are the per-package modules (the "Primary" block) 1051s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1051s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1051s auth [success=1 default=ignore] pam_sss.so use_first_pass 1051s # here's the fallback if no module succeeds 1051s auth requisite pam_deny.so 1051s # prime the stack with a positive return value if there isn't one already; 1051s # this avoids us returning an error just because nothing sets a success code 1051s # since the modules above will each just jump around 1051s auth required pam_permit.so 1051s # and here are more per-package modules (the "Additional" block) 1051s auth optional pam_cap.so 1051s # end of pam-auth-update config 1051s + echo -n -e 123456 1051s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1051s pamtester: invoking pam_start(login, ubuntu, ...) 1052s pamtester: performing operation - authenticate 1056s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1056s + echo -n -e 123456 1056s + runuser -u ubuntu -- pamtester -v login '' authenticate 1057s pamtester: invoking pam_start(login, , ...) 1057s pamtester: performing operation - authenticate 1059s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1059s + echo -n -e wrong123456 1059s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1060s pamtester: invoking pam_start(login, ubuntu, ...) 1060s pamtester: performing operation - authenticate 1065s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1065s + echo -n -e wrong123456 1065s + runuser -u ubuntu -- pamtester -v login '' authenticate 1066s pamtester: invoking pam_start(login, , ...) 1066s pamtester: performing operation - authenticate 1069s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1070s + pamtester -v login root authenticate 1070s + echo -n -e 123456 1070s pamtester: invoking pam_start(login, root, ...) 1070s pamtester: performing operation - authenticate 1073s Password: pamtester: Authentication failure 1073s + for alternative in "${alternative_pam_configs[@]}" 1073s + pam-auth-update --enable sss-smart-card-required 1080s PAM configuration 1080s ----------------- 1080s 1080s Incompatible PAM profiles selected. 1080s 1080s The following PAM profiles cannot be used together: 1080s 1080s SSS required smart card authentication, SSS optional smart card 1080s authentication 1080s 1080s Please select a different set of modules to enable. 1080s 1080s + cat /etc/pam.d/common-auth 1080s + echo -n -e 123456 1080s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1081s # 1081s # /etc/pam.d/common-auth - authentication settings common to all services 1081s # 1081s # This file is included from other service-specific PAM config files, 1081s # and should contain a list of the authentication modules that define 1081s # the central authentication scheme for use on the system 1081s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1081s # traditional Unix authentication mechanisms. 1081s # 1081s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1081s # To take advantage of this, it is recommended that you configure any 1081s # local modules either before or after the default block, and use 1081s # pam-auth-update to manage selection of other modules. See 1081s # pam-auth-update(8) for details. 1081s 1081s # here are the per-package modules (the "Primary" block) 1081s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1081s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1081s auth [success=1 default=ignore] pam_sss.so use_first_pass 1081s # here's the fallback if no module succeeds 1081s auth requisite pam_deny.so 1081s # prime the stack with a positive return value if there isn't one already; 1081s # this avoids us returning an error just because nothing sets a success code 1081s # since the modules above will each just jump around 1081s auth required pam_permit.so 1081s # and here are more per-package modules (the "Additional" block) 1081s auth optional pam_cap.so 1081s # end of pam-auth-update config 1081s pamtester: invoking pam_start(login, ubuntu, ...) 1081s pamtester: performing operation - authenticate 1082s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1082s + echo -n -e 123456 1082s + runuser -u ubuntu -- pamtester -v login '' authenticate 1083s pamtester: invoking pam_start(login, , ...) 1083s pamtester: performing operation - authenticate 1084s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1085s + echo -n -e wrong123456 1085s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1085s pamtester: invoking pam_start(login, ubuntu, ...) 1085s pamtester: performing operation - authenticate 1089s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1090s + echo -n -e wrong123456 1090s + runuser -u ubuntu -- pamtester -v login '' authenticate 1090s pamtester: invoking pam_start(login, , ...) 1090s pamtester: performing operation - authenticate 1093s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1094s + echo -n -e 123456 1094s + pamtester -v login root authenticate 1094s pamtester: invoking pam_start(login, root, ...) 1094s pamtester: performing operation - authenticate 1097s pamtester: Authentication service cannot retrieve authentication info 1097s + handle_exit 1098s + exit_code=0 1098s + restore_changes 1098s + for path in "${restore_paths[@]}" 1098s + local original_path 1098s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-LmY2t5 /tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm/softhsm2.conf 1098s + original_path=/etc/softhsm/softhsm2.conf 1098s + rm /etc/softhsm/softhsm2.conf 1098s + mv /tmp/sssd-softhsm2-backups-LmY2t5//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 1098s + for path in "${delete_paths[@]}" 1098s + rm -f /etc/sssd/sssd.conf 1098s + for path in "${delete_paths[@]}" 1098s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1098s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1100s + '[' -e /etc/sssd/sssd.conf ']' 1100s + systemctl stop sssd 1101s + '[' -e /etc/softhsm/softhsm2.conf ']' 1101s + chmod 600 /etc/softhsm/softhsm2.conf 1101s + rm -rf /tmp/sssd-softhsm2-certs-Y8ENbH 1101s + '[' 0 = 0 ']' 1101s + rm -rf /tmp/sssd-softhsm2-backups-LmY2t5 1101s + set +x 1101s Script completed successfully! 1103s autopkgtest [15:30:51]: test sssd-smart-card-pam-auth-configs: -----------------------] 1107s autopkgtest [15:30:55]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 1107s sssd-smart-card-pam-auth-configs PASS 1111s autopkgtest [15:30:59]: @@@@@@@@@@@@@@@@@@@@ summary 1111s ldap-user-group-ldap-auth PASS 1111s ldap-user-group-krb5-auth PASS 1111s sssd-softhism2-certificates-tests.sh PASS 1111s sssd-smart-card-pam-auth-configs PASS